IPv6 question

Carter Bullard carter at qosient.com
Fri Apr 20 14:19:04 EDT 2007 

Hey Richard,
The problem   you reported is now fixed, and the best version
to use will be the final release candidate:

    ftp://qosient.com/dev/argus-3.0/argus-3.0.0.tar.gz

which I'll have on the server later today.

Hope all is most excellent!!!

Carter


On Apr 6, 2007, at 11:20 PM, Richard Bejtlich wrote:

> Hello everyone,
>
> This may be operator error.  This is the first time I've tried Argus
> monitoring IPv6.
>
> I'm using argus-clients-3.0.0.rc.42 and argus-3.0.0.rc.42 on  
> FreeBSD 6.1.
>
> I have a segment that is IPv6-only, which has a host gaining
> connectivity to the IPv6 Internet via a Teredo gateway as outlined
> here:
>
> http://taosecurity.blogspot.com/2006/09/ipv6-only-freebsd- 
> scenario.html
>
> Argus is watching the link between the IPv6-only host and the  
> Teredo gateway.
>
> To generate some traffic I do the following:
>
> 1. SSH from the gateway to the host.
> 2. FTP from the host to ftp.freebsd.org and retrieve a file.
>
> Argus is only seeing 1, but none of the actions associated with 2.
> Both 1 and 2 are IPv6.
>
> I tried doing these tests with a live Argus and then with Argus
> reading a trace of the activity.  Here is what ra reports:
>
> # /usr/local/argus-3.0.0.rc.42/sbin/argus -r /nsm/ipv6.test.1.lpc -w
> /nsm/ipv6.test.1.lpc.arg
>
> # /usr/local/argus-clients-3.0.0.rc.42/bin/ra -n -r /nsm/ipv6.test. 
> 1.lpc.arg
>   23:08:05.764764             tcp fe80::200:d1ff:fe*.62593     ->
> fe80::204:5aff:fe*.22           27       23         4373         5997
> CON
>
> If you'd like to look at the traffic, I posted it here:
>
> http://www.bejtlich.net/ipv6.test.1.lpc
>
> Can anyone tell me what I'm missing?  I looked through the list
> archives but nothing jumped out at me.
>
> Thank you,
>
> Richard
>

Carter Bullard
CEO/President
QoSient, LLC
150 E. 57th Street Suite 12D
New York, New York 10022

+1 212 588-9133 Phone
+1 212 588-9134 Fax


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://pairlist1.pair.net/pipermail/argus/attachments/20070420/f6823f7e/attachment.html>

More information about the argus mailing list