netflow on clients.63?
Carter Bullard
carter at qosient.com
Tue Dec 18 10:16:12 EST 2007
Hey Peter,
Oh now I see. I'll try to get something out today for this.
As we get to where we want radium() to support netflow and argus
record sources simultaneously, I may modify the command-line.
Right now the -C sez all sources will be cisco. I'll try to weave that
in as well (may make for an easier fix for this problem).
Carter
On Dec 15, 2007, at 3:36 PM, Peter Van Epp wrote:
> Part of the problem seems to be that the supplied IP address doesn't
> get used to set up the socket:
>
> (gdb) s
> ArgusGetServerSocket (input=0xf7f48008, timeout=5) at ./
> argus_client.c:2146
> 2146 struct addrinfo *hp = input->host;
> (gdb) l
> ...
> 2258 int type = SOCK_DGRAM;
> 2259 if ((s = socket (AF_INET, type, 0)) >= 0) {
> 2260 struct sockaddr_in server;
> 2261 bzero(&server, sizeof(server));
> 2262
> 2263 if (input->addr.s_addr != 0)
> 2264 server.sin_addr.s_addr = htonl(input-
> >addr.s_addr);
> 2265 else
> 2266 server.sin_addr.s_addr = INADDR_ANY;
> 2267
>
> we select INADDR_ANY because input->addr.s_addr is indeed 0 (because
> the host IP is in input->host and not input->addr.s_addr):
>
> (gdb) print *input
> $7 = {qhdr = {nxt = 0x0, prv = 0x0, queue = 0x0, lasttime = {
> tv_sec = 1197749045, tv_usec = 669322}, logtime = {tv_sec = 0,
> tv_usec = 0}}, queue = 0x0, index = -1, mode = 16, fd = -1, in
> = 0,
> out = 0, offset = 0, major_version = 3, minor_version = 0, status =
> 16,
> host = 0x101f5138, addr = {s_addr = 0}, ostart = -1, ostop = -1,
> portnum = 1025, hostname = 0x0, filename = 0x0, file = 0x0, pipe =
> 0x0,
> ArgusLocalNet = 0, ArgusNetMask = 0, ArgusID = 0, ArgusIDType = 0,
> ArgusStartTime = {tv_sec = 0, tv_usec = 0}, ArgusLastTime = {tv_sec
> = 0,
> tv_usec = 0}, ArgusTimeDrift = 0, ArgusMarInterval = 0, statbuf = {
> st_dev = 0, st_ino = 0, st_mode = 0, st_nlink = 0, st_uid = 0,
> st_gid = 0,
> st_rdev = 0, __pad2 = 0, st_size = 0, st_blksize = 0, st_blocks =
> 0,
> st_atim = {tv_sec = 0, tv_nsec = 0}, st_mtim = {tv_sec = 0,
> tv_nsec = 0},
> st_ctim = {tv_sec = 0, tv_nsec = 0}, __unused4 = 0, __unused5 = 0},
> ArgusBufferLen = 0, ArgusReadBuffer = 0x0, ArgusConvBuffer = 0x0,
> ArgusReadPtr = 0x0, ArgusConvPtr = 0x0, ArgusReadBlockPtr = 0x0,
> ArgusReadSocketCnt = 0, ArgusReadSocketSize = 0,
> ArgusReadSocketState = 0,
> ArgusReadCiscoVersion = 0, ArgusReadSocketNum = 0, ArgusReadSize = 0,
> ArgusCiscoNetFlowParse = 0, ArgusInitCon = {hdr = {type = 180 '4',
> cause = 16 '\020', len = 32}, ar_un = {mar = {status = 0,
> argusid = 3849399755, localnet = 0, netmask = 0,
> nextMrSequenceNum = 0, startime = {tv_sec = 1197749045,
> tv_usec = 0},
> now = {tv_sec = 1197749045, tv_usec = 0}, major_version = 3
> '\003',
> minor_version = 0 '\0', interfaceType = 0 '\0',
> ---Type <return> to continue, or q <return> to quit---
> interfaceStatus = 0 '\0', reportInterval = 0, argusMrInterval
> = 0,
> pktsRcvd = 0, bytesRcvd = 0, drift = 0, records = 0, flows = 0,
> dropped = 0, queue = 0, output = 0, clients = 0, bufs = 0,
> bytes = 0,
> suserlen = 0, duserlen = 0, pad = {0, 0, 0}, thisid = 0,
> record_len = 4294967295}, far = {flow = {hdr = {type = 0 '\0',
> subtype = 0 '\0', dsr_un = {fl = {data = 0}, vl8 = {qual
> = 0 '\0',
> len = 0 '\0'}, vl16 = {len = 0}}}, flow_un = {ipv6 = {
> ip_src = {3849399755, 0, 0, 0}, ip_dst = {1197749045, 0,
> 1197749045, 0}, ip_p = 3, blank = 0, flow = 0, sport
> = 0,
> dport = 0}, ip = {ip_src = 3849399755, ip_dst = 0,
> ip_p = 0 '\0', tp_p = 0 '\0', sport = 0, dport = 0, pad
> = 0},
> mac = {ehdr = {ether_dhost = "eq-K\000",
> ether_shost = "\000\000\000\000\000", ether_type = 0},
> dsap = 0 '\0', ssap = 0 '\0'}, icmpv6 = {ip_src =
> {3849399755,
> 0, 0, 0}, ip_dst = {1197749045, 0, 1197749045, 0},
> ip_p = 3,
> blank = 0, flow = 0, type = 0 '\0', code = 0 '\0', id =
> 0},
> icmp = {ip_src = 3849399755, ip_dst = 0, ip_p = 0 '\0',
> tp_p = 0 '\0', type = 0 '\0', code = 0 '\0', id = 0,
> ip_id = 0},
> igmpv6 = {ip_src = {3849399755, 0, 0, 0}, ip_dst =
> {1197749045, 0,
> 1197749045, 0}, ip_p = 3, blank = 0, flow = 0, type =
> 0 '\0',
> code = 0 '\0', pad = 0}, igmp = {ip_src = 3849399755,
> ip_dst = 0, ip_p = 0 '\0', tp_p = 0 '\0', type = 0 '\0',
> code = 0 '\0', pad = 0, ip_id = 0}, espv6 = {ip_src = {
> ---Type <return> to continue, or q <return> to quit---
> 3849399755, 0, 0, 0}, ip_dst = {1197749045, 0,
> 1197749045, 0},
> ip_p = 3, blank = 0, flow = 0, spi = 0}, esp = {
> ip_src = 3849399755, ip_dst = 0, ip_p = 0 '\0', tp_p =
> 0 '\0',
> pad = 0, spi = 0}, arp = {hrd = 58737, pro = 11723,
> hln = 0 '\0', pln = 0 '\0', op = 0, arp_spa = 0,
> arp_tpa = 0,
> haddr = {{ethernet = "Gd35\000",
> ib =
> "Gd35\000\000\000\000Gd35\000\000\000\000\003", '\0' <repeats 14
> times>, ieee1394 = "Gd35\000\000\000\000Gd35\000\000\000",
> framerelay = "Gd35", tokenring = "Gd35\000", arcnet
> = "G",
> fiberchannel = "Gd35\000\000\000\000Gd35",
> atm =
> "Gd35\000\000\000\000Gd35\000\000\000\000\003\000\000"}}}, rarp =
> {hrd = 58737, pro = 11723, hln = 0 '\0', pln = 0 '\0', op = 0,
> arp_tpa = 0, shaddr = {{ethernet = "\000\000\000\000Gd",
> ib =
> "\000
> \000
> \000
> \000Gd35
> \000
> \000
> \000
> \000Gd35\000\000\000\000\003\000\000\000\000\000\000\000\000\000\000",
> ieee1394 =
> "\000\000\000\000Gd35\000\000\000\000Gd35",
> framerelay = "\000\000\000",
> tokenring = "\000\000\000\000Gd", arcnet = "",
> fiberchannel = "\000\000\000\000Gd35\000\000\000",
> atm =
> "\000\000\000\000Gd35\000\000\000\000Gd35\000\000\000"}}, dhaddr =
> {{ethernet = "\000\000\000\000\000", ib = '\0' <repeats 31 times>,
> ieee1394 = '\0' <repeats 15 times>,
> framerelay = "\000\000\000",
> ---Type <return> to continue, or q <return> to quit---
> tokenring = "\000\000\000\000\000", arcnet = "",
> fiberchannel = '\0' <repeats 11 times>,
> atm = '\0' <repeats 19 times>}}}, iarp = {pro =
> 58737,
> hln = 45 '-', pln = 203 'K', arp_spa = 0, arp_tpa = 0,
> haddr = {{
> ethernet = "\000\000\000\000Gd",
> ib =
> "\000
> \000
> \000
> \000Gd35
> \000
> \000
> \000
> \000Gd35\000\000\000\000\003\000\000\000\000\000\000\000\000\000\000",
> ieee1394 =
> "\000\000\000\000Gd35\000\000\000\000Gd35",
> framerelay = "\000\000\000",
> tokenring = "\000\000\000\000Gd", arcnet = "",
> fiberchannel = "\000\000\000\000Gd35\000\000\000",
> atm =
> "\000\000\000\000Gd35\000\000\000\000Gd35\000\000\000"}}}, larp =
> {arp_spa = 3849399755, arp_tpa = 0,
> etheraddr = "\000\000\000\000\000", pad = 0}, lrarp = {
> arp_tpa = 3849399755, srceaddr = "\000\000\000\000\000",
> tareaddr = "\000\000\000\000\000"}, fragv6 = {ip_src = {
> 3849399755, 0, 0, 0}, ip_dst = {1197749045, 0,
> 1197749045, 0},
> ip_p = 3, resv = 0, flow = 0, ip_id = 0}, frag = {
> ip_src = 3849399755, ip_dst = 0, ip_p = 0 '\0', tp_p =
> 0 '\0',
> pad = {0, 0}, ip_id = 0}}}}}}, ArgusManStart = {hdr = {
> type = 0 '\0', cause = 0 '\0', len = 0}, ar_un = {mar = {status
> = 0,
> argusid = 0, localnet = 0, netmask = 0, nextMrSequenceNum = 0,
> startime = {tv_sec = 0, tv_usec = 0}, now = {tv_sec = 0,
> tv_usec = 0},
> ---Type <return> to continue, or q <return> to quit---
> major_version = 0 '\0', minor_version = 0 '\0',
> interfaceType = 0 '\0', interfaceStatus = 0 '\0',
> reportInterval = 0,
> argusMrInterval = 0, pktsRcvd = 0, bytesRcvd = 0, drift = 0,
> records = 0, flows = 0, dropped = 0, queue = 0, output = 0,
> clients = 0, bufs = 0, bytes = 0, suserlen = 0, duserlen = 0,
> pad = {
> 0, 0, 0}, thisid = 0, record_len = 0}, far = {flow = {hdr = {
> type = 0 '\0', subtype = 0 '\0', dsr_un = {fl = {data =
> 0}, vl8 = {
> qual = 0 '\0', len = 0 '\0'}, vl16 = {len = 0}}},
> flow_un = {
> ipv6 = {ip_src = {0, 0, 0, 0}, ip_dst = {0, 0, 0, 0},
> ip_p = 0,
> blank = 0, flow = 0, sport = 0, dport = 0}, ip =
> {ip_src = 0,
> ip_dst = 0, ip_p = 0 '\0', tp_p = 0 '\0', sport = 0,
> dport = 0,
> pad = 0}, mac = {ehdr = {ether_dhost =
> "\000\000\000\000\000",
> ether_shost = "\000\000\000\000\000", ether_type = 0},
> dsap = 0 '\0', ssap = 0 '\0'}, icmpv6 = {ip_src = {0,
> 0, 0, 0},
> ip_dst = {0, 0, 0, 0}, ip_p = 0, blank = 0, flow = 0,
> type = 0 '\0', code = 0 '\0', id = 0}, icmp = {ip_src =
> 0,
> ip_dst = 0, ip_p = 0 '\0', tp_p = 0 '\0', type = 0 '\0',
> code = 0 '\0', id = 0, ip_id = 0}, igmpv6 = {ip_src =
> {0, 0, 0,
> 0}, ip_dst = {0, 0, 0, 0}, ip_p = 0, blank = 0, flow
> = 0,
> type = 0 '\0', code = 0 '\0', pad = 0}, igmp = {ip_src
> = 0,
> ip_dst = 0, ip_p = 0 '\0', tp_p = 0 '\0', type = 0 '\0',
> code = 0 '\0', pad = 0, ip_id = 0}, espv6 = {ip_src =
> {0, 0, 0,
> 0}, ip_dst = {0, 0, 0, 0}, ip_p = 0, blank = 0, flow
> = 0,
> ---Type <return> to continue, or q <return> to quit---
> spi = 0}, esp = {ip_src = 0, ip_dst = 0, ip_p = 0 '\0',
> tp_p = 0 '\0', pad = 0, spi = 0}, arp = {hrd = 0, pro =
> 0,
> hln = 0 '\0', pln = 0 '\0', op = 0, arp_spa = 0,
> arp_tpa = 0,
> haddr = {{ethernet = "\000\000\000\000\000",
> ib = '\0' <repeats 31 times>,
> ieee1394 = '\0' <repeats 15 times>,
> framerelay = "\000\000\000",
> tokenring = "\000\000\000\000\000", arcnet = "",
> fiberchannel = '\0' <repeats 11 times>,
> atm = '\0' <repeats 19 times>}}}, rarp = {hrd = 0,
> pro = 0,
> hln = 0 '\0', pln = 0 '\0', op = 0, arp_tpa = 0, shaddr
> = {{
> ethernet = "\000\000\000\000\000",
> ib = '\0' <repeats 31 times>,
> ieee1394 = '\0' <repeats 15 times>,
> framerelay = "\000\000\000",
> tokenring = "\000\000\000\000\000", arcnet = "",
> fiberchannel = '\0' <repeats 11 times>,
> atm = '\0' <repeats 19 times>}}, dhaddr = {{
> ethernet = "\000\000\000\000\000",
> ib = '\0' <repeats 31 times>,
> ieee1394 = '\0' <repeats 15 times>,
> framerelay = "\000\000\000",
> tokenring = "\000\000\000\000\000", arcnet = "",
> ---Type <return> to continue, or q <return> to quit---
> fiberchannel = '\0' <repeats 11 times>,
> atm = '\0' <repeats 19 times>}}}, iarp = {pro = 0,
> hln = 0 '\0', pln = 0 '\0', arp_spa = 0, arp_tpa = 0,
> haddr = {{
> ethernet = "\000\000\000\000\000",
> ib = '\0' <repeats 31 times>,
> ieee1394 = '\0' <repeats 15 times>,
> framerelay = "\000\000\000",
> tokenring = "\000\000\000\000\000", arcnet = "",
> fiberchannel = '\0' <repeats 11 times>,
> atm = '\0' <repeats 19 times>}}}, larp = {arp_spa =
> 0,
> arp_tpa = 0, etheraddr = "\000\000\000\000\000", pad =
> 0},
> lrarp = {arp_tpa = 0, srceaddr = "\000\000\000\000\000",
> tareaddr = "\000\000\000\000\000"}, fragv6 = {ip_src =
> {0, 0, 0,
> 0}, ip_dst = {0, 0, 0, 0}, ip_p = 0, resv = 0, flow =
> 0,
> ip_id = 0}, frag = {ip_src = 0, ip_dst = 0, ip_p = 0
> '\0',
> tp_p = 0 '\0', pad = {0, 0}, ip_id = 0}}}}}},
> ArgusOriginal = 0xf7f48570, ArgusGenerateRecordStructBuf = {qhdr = {
> nxt = 0x0, prv = 0x0, queue = 0x0, lasttime = {tv_sec = 0,
> tv_usec = 0},
> logtime = {tv_sec = 0, tv_usec = 0}}, status = 0, dsrindex = 0,
> trans = 0, timeout = 0, idle = 0, bins = 0x0, htblhdr = 0x0,
> hinthdr = 0x0, nsq = 0x0, input = 0x0, dsrs = {0x0 <repeats 19
> times>},
> correlates = 0x0, hdr = {type = 0 '\0', cause = 0 '\0', len = 0},
> canon = {
> hdr = {type = 0 '\0', cause = 0 '\0', len = 0}, flow = {hdr = {
> ---Type <return> to continue, or q <return> to quit---
> type = 0 '\0', subtype = 0 '\0', dsr_un = {fl = {data = 0},
> vl8 = {
> qual = 0 '\0', len = 0 '\0'}, vl16 = {len = 0}}},
> flow_un = {
> ipv6 = {ip_src = {0, 0, 0, 0}, ip_dst = {0, 0, 0, 0}, ip_p
> = 0,
> blank = 0, flow = 0, sport = 0, dport = 0}, ip = {ip_src
> = 0,
> ip_dst = 0, ip_p = 0 '\0', tp_p = 0 '\0', sport = 0,
> dport = 0,
> pad = 0}, mac = {ehdr = {ether_dhost =
> "\000\000\000\000\000",
> ether_shost = "\000\000\000\000\000", ether_type = 0},
> dsap = 0 '\0', ssap = 0 '\0'}, icmpv6 = {ip_src = {0, 0,
> 0, 0},
> ip_dst = {0, 0, 0, 0}, ip_p = 0, blank = 0, flow = 0,
> type = 0 '\0', code = 0 '\0', id = 0}, icmp = {ip_src = 0,
> ip_dst = 0, ip_p = 0 '\0', tp_p = 0 '\0', type = 0 '\0',
> code = 0 '\0', id = 0, ip_id = 0}, igmpv6 = {ip_src = {0,
> 0, 0,
> 0}, ip_dst = {0, 0, 0, 0}, ip_p = 0, blank = 0, flow = 0,
> type = 0 '\0', code = 0 '\0', pad = 0}, igmp = {ip_src = 0,
> ip_dst = 0, ip_p = 0 '\0', tp_p = 0 '\0', type = 0 '\0',
> code = 0 '\0', pad = 0, ip_id = 0}, espv6 = {ip_src = {0,
> 0, 0,
> 0}, ip_dst = {0, 0, 0, 0}, ip_p = 0, blank = 0, flow = 0,
> spi = 0}, esp = {ip_src = 0, ip_dst = 0, ip_p = 0 '\0',
> tp_p = 0 '\0', pad = 0, spi = 0}, arp = {hrd = 0, pro = 0,
> hln = 0 '\0', pln = 0 '\0', op = 0, arp_spa = 0, arp_tpa
> = 0,
> haddr = {{ethernet = "\000\000\000\000\000",
> ib = '\0' <repeats 31 times>,
> ieee1394 = '\0' <repeats 15 times>,
> ---Type <return> to continue, or q <return> to quit---
> framerelay = "\000\000\000",
> tokenring = "\000\000\000\000\000", arcnet = "",
> fiberchannel = '\0' <repeats 11 times>,
> atm = '\0' <repeats 19 times>}}}, rarp = {hrd = 0,
> pro = 0,
> hln = 0 '\0', pln = 0 '\0', op = 0, arp_tpa = 0, shaddr =
> {{
> ethernet = "\000\000\000\000\000",
> ib = '\0' <repeats 31 times>,
> ieee1394 = '\0' <repeats 15 times>,
> framerelay = "\000\000\000",
> tokenring = "\000\000\000\000\000", arcnet = "",
> fiberchannel = '\0' <repeats 11 times>,
> atm = '\0' <repeats 19 times>}}, dhaddr = {{
> ethernet = "\000\000\000\000\000",
> ib = '\0' <repeats 31 times>,
> ieee1394 = '\0' <repeats 15 times>,
> framerelay = "\000\000\000",
> tokenring = "\000\000\000\000\000", arcnet = "",
> fiberchannel = '\0' <repeats 11 times>,
> atm = '\0' <repeats 19 times>}}}, iarp = {pro = 0,
> hln = 0 '\0', pln = 0 '\0', arp_spa = 0, arp_tpa = 0,
> haddr = {{
> ethernet = "\000\000\000\000\000",
> ib = '\0' <repeats 31 times>,
> ieee1394 = '\0' <repeats 15 times>,
> ---Type <return> to continue, or q <return> to quit---
> framerelay = "\000\000\000",
> tokenring = "\000\000\000\000\000", arcnet = "",
> fiberchannel = '\0' <repeats 11 times>,
> atm = '\0' <repeats 19 times>}}}, larp = {arp_spa = 0,
> arp_tpa = 0, etheraddr = "\000\000\000\000\000", pad = 0},
> lrarp = {arp_tpa = 0, srceaddr = "\000\000\000\000\000",
> tareaddr = "\000\000\000\000\000"}, fragv6 = {ip_src =
> {0, 0, 0,
> 0}, ip_dst = {0, 0, 0, 0}, ip_p = 0, resv = 0, flow = 0,
> ip_id = 0}, frag = {ip_src = 0, ip_dst = 0, ip_p = 0 '\0',
> tp_p = 0 '\0', pad = {0, 0}, ip_id = 0}}}, trans = {hdr = {
> type = 0 '\0', subtype = 0 '\0', dsr_un = {fl = {data = 0},
> vl8 = {
> qual = 0 '\0', len = 0 '\0'}, vl16 = {len = 0}}}, srcid
> = {{
> value = 0, ipv4 = 0}}, seqnum = 0}, time = {hdr = {type =
> 0 '\0',
> subtype = 0 '\0', dsr_un = {fl = {data = 0}, vl8 = {qual =
> 0 '\0',
> len = 0 '\0'}, vl16 = {len = 0}}}, src = {start =
> {tv_sec = 0,
> tv_usec = 0}, end = {tv_sec = 0, tv_usec = 0}}, dst =
> {start = {
> tv_sec = 0, tv_usec = 0}, end = {tv_sec = 0, tv_usec =
> 0}}},
> encaps = {hdr = {type = 0 '\0', subtype = 0 '\0', dsr_un = {fl
> = {
> data = 0}, vl8 = {qual = 0 '\0', len = 0 '\0'}, vl16 = {
> len = 0}}}, src = 0, dst = 0}, attr = {hdr = {type = 0
> '\0',
> subtype = 0 '\0', dsr_un = {fl = {data = 0}, vl8 = {qual =
> 0 '\0',
> len = 0 '\0'}, vl16 = {len = 0}}}, src = {ttl = 0 '\0',
> tos = 0 '\0', ip_id = 0, options = 0}, dst = {ttl = 0 '\0',
> ---Type <return> to continue, or q <return> to quit---
> tos = 0 '\0', ip_id = 0, options = 0}}, metric = {hdr = {
> type = 0 '\0', subtype = 0 '\0', dsr_un = {fl = {data = 0},
> vl8 = {
> qual = 0 '\0', len = 0 '\0'}, vl16 = {len = 0}}}, src = {
> pkts = 0, bytes = 0, appbytes = 0}, dst = {pkts = 0, bytes
> = 0,
> appbytes = 0}}, net = {hdr = {type = 0 '\0', subtype = 0
> '\0',
> dsr_un = {fl = {data = 0}, vl8 = {qual = 0 '\0', len = 0
> '\0'},
> vl16 = {len = 0}}}, net_union = {tcpinit = {status = 0,
> seqbase = 0, options = 0, win = 0, flags = 0 '\0',
> winshift = 0 '\0'}, tcpstatus = {status = 0, src = 0 '\0',
> dst = 0 '\0', pad = "\000"}, tcp = {status = 0, state = 0,
> options = 0, synAckuSecs = 0, ackDatauSecs = 0, src =
> {lasttime = {
> tv_sec = 0, tv_usec = 0}, status = 0, seqbase = 0,
> seq = 0,
> ack = 0, winnum = 0, bytes = 0, retrans = 0, ackbytes =
> 0,
> state = 0, win = 0, winbytes = 0, flags = 0 '\0',
> winshift = 0 '\0'}, dst = {lasttime = {tv_sec = 0,
> tv_usec = 0},
> status = 0, seqbase = 0, seq = 0, ack = 0, winnum = 0,
> bytes = 0, retrans = 0, ackbytes = 0, state = 0, win = 0,
> winbytes = 0, flags = 0 '\0', winshift = 0 '\0'}}, icmp
> = {
> icmp_type = 0 '\0', icmp_code = 0 '\0', iseq = 0,
> osrcaddr = 0,
> odstaddr = 0, isrcaddr = 0, idstaddr = 0, igwaddr = 0},
> icmpv6 = {
> icmp_type = 0 '\0', icmp_code = 0 '\0', cksum = 0}, rtp = {
> state = 0, src = {rh_ver = 0 '\0', rh_p = 0 '\0', rh_x =
> 0 '\0',
> rh_cc = 0 '\0', rh_mark = 0 '\0', rh_pt = 0 '\0',
> rh_seq = 0,
> ---Type <return> to continue, or q <return> to quit---
> rh_time = 0, rh_ssrc = 0}, dst = {rh_ver = 0 '\0',
> rh_p = 0 '\0', rh_x = 0 '\0', rh_cc = 0 '\0', rh_mark =
> 0 '\0',
> rh_pt = 0 '\0', rh_seq = 0, rh_time = 0, rh_ssrc = 0},
> sdrop = 0, ddrop = 0, ssdev = 0, dsdev = 0}, rtcp = {src
> = {
> rh_ver = 0 '\0', rh_p = 0 '\0', rh_rc = 0 '\0', rh_pt =
> 0 '\0',
> rh_len = 0, rh_ssrc = 0}, dst = {rh_ver = 0 '\0', rh_p
> = 0 '\0',
> rh_rc = 0 '\0', rh_pt = 0 '\0', rh_len = 0, rh_ssrc = 0},
> sdrop = 0, ddrop = 0}, igmp = {igmp_type = 0 '\0',
> igmp_code = 0 '\0', igmp_group = 0, jdelay = {tv_sec = 0,
> tv_usec = 0}, ldelay = {tv_sec = 0, tv_usec = 0}}, dhcp
> = {
> respaddr = 0}, esp = {status = 0, spi = 0, lastseq = 0,
> lostseq = 0}, arp = {respaddr = "\000\000\000\000\000",
> pad = 0},
> ah = {src_spi = 0, dst_spi = 0, src_replay = 0, dst_replay
> = 0},
> frag = {fragnum = 0, frag_id = 0, totlen = 0, currlen = 0,
> maxfraglen = 0, pad = 0}}}, mac = {hdr = {type = 0 '\0',
> subtype = 0 '\0', dsr_un = {fl = {data = 0}, vl8 = {qual =
> 0 '\0',
> len = 0 '\0'}, vl16 = {len = 0}}}, mac_union = {ether =
> {ehdr = {
> ether_dhost = "\000\000\000\000\000",
> ether_shost = "\000\000\000\000\000", ether_type = 0},
> dsap = 0 '\0', ssap = 0 '\0'}}}, vlan = {hdr = {type = 0
> '\0',
> subtype = 0 '\0', dsr_un = {fl = {data = 0}, vl8 = {qual =
> 0 '\0',
> len = 0 '\0'}, vl16 = {len = 0}}}, sid = 0, did = 0},
> mpls = {
> hdr = {type = 0 '\0', subtype = 0 '\0', dsr_un = {fl = {data
> = 0},
> ---Type <return> to continue, or q <return> to quit---
> vl8 = {qual = 0 '\0', len = 0 '\0'}, vl16 = {len = 0}}},
> slabel = 0, dlabel = 0}, icmp = {hdr = {type = 0 '\0',
> subtype = 0 '\0', dsr_un = {fl = {data = 0}, vl8 = {qual =
> 0 '\0',
> len = 0 '\0'}, vl16 = {len = 0}}}, icmp_type = 0 '\0',
> icmp_code = 0 '\0', iseq = 0, osrcaddr = 0, odstaddr = 0,
> isrcaddr = 0, idstaddr = 0, igwaddr = 0}, agr = {hdr = {type
> = 0 '\0',
> subtype = 0 '\0', dsr_un = {fl = {data = 0}, vl8 = {qual =
> 0 '\0',
> len = 0 '\0'}, vl16 = {len = 0}}}, count = 0,
> laststartime = {
> tv_sec = 0, tv_usec = 0}, lasttime = {tv_sec = 0, tv_usec =
> 0},
> act = {n = 0, minval = 0, meanval = 0, stdev = 0, maxval =
> 0}, idle = {
> n = 0, minval = 0, meanval = 0, stdev = 0, maxval = 0}},
> cor = {
> hdr = {type = 0 '\0', subtype = 0 '\0', dsr_un = {fl = {data
> = 0},
> vl8 = {qual = 0 '\0', len = 0 '\0'}, vl16 = {len = 0}}},
> srcid = {{
> value = 0, ipv4 = 0}}, deltaDur = 0, deltaStart = 0,
> deltaLast = 0}, jitter = {hdr = {type = 0 '\0', subtype = 0
> '\0',
> dsr_un = {fl = {data = 0}, vl8 = {qual = 0 '\0', len = 0
> '\0'},
> vl16 = {len = 0}}}, act = {src = {n = 0, minval = 0,
> meanval = 0,
> stdev = 0, maxval = 0}, dst = {n = 0, minval = 0, meanval
> = 0,
> stdev = 0, maxval = 0}}, idle = {src = {n = 0, minval = 0,
> meanval = 0, stdev = 0, maxval = 0}, dst = {n = 0, minval
> = 0,
> meanval = 0, stdev = 0, maxval = 0}}}, psize = {hdr = {
> type = 0 '\0', subtype = 0 '\0', dsr_un = {fl = {data = 0},
> vl8 = {
> qual = 0 '\0', len = 0 '\0'}, vl16 = {len = 0}}}, src = {
> ---Type <return> to continue, or q <return> to quit---
> psizemin = 0, psizemax = 0}, dst = {psizemin = 0, psizemax
> = 0}},
> cocode = {hdr = {type = 0 '\0', subtype = 0 '\0', dsr_un = {fl
> = {
> data = 0}, vl8 = {qual = 0 '\0', len = 0 '\0'}, vl16 = {
> len = 0}}}, src = "\000", dst = "\000"}, data = {hdr = {
> type = 0 '\0', subtype = 0 '\0', dsr_un = {fl = {data = 0},
> vl8 = {
> qual = 0 '\0', len = 0 '\0'}, vl16 = {len = 0}}}, size
> = 0,
> count = 0, array = "\000\000\000\000\000\000\000"}}, srate = 0,
> drate = 0, sload = 0, dload = 0, dur = 0, avgdur = 0, sploss = 0,
> dploss = 0, offset = 0},
> ArgusOriginalBuffer = '\0' <repeats 262143 times>,
> ArgusSrcUserData = '\0' <repeats 65535 times>,
> ArgusDstUserData = '\0' <repeats 65535 times>}
> (gdb)
>
> Peter Van Epp / Operations and Technical Support
> Simon Fraser University, Burnaby, B.C. Canada
>
>
More information about the argus
mailing list