ra printing bug?

Phillip G Deneault deneault at WPI.EDU
Wed Nov 28 08:50:48 EST 2007


So wayyy back in a cold February of Ought-Six, I found this issue in
Argus where entries like 'rtp' and 'rtsp' were being printed in the
protocol field, ignoring the -nnn options.  Well, soon after the
venerable Mr. Van Epp produced a patch and all was once again right with
the world.

However, it does appear to me that this bothersome issue has returned to
ruin another day!  So I once again submit my concern to the venue over
special-casing this 'protocol'.  The 'man' protocol also confuses me,
since I have not seen an RFC on that one at all. :-)

Is there anything we can do to get it fixed in the final release?

Thanks,
Phil

Carter Bullard wrote:
> Hey Phil,
>   The assignment of rtp is different from other protocols, as it's
> discovered, rather than just a lookup out of the IP protocol table.  So,
> it misses the logic of checking for -nn or -nnn and just prints the
> string.   That's an easy one.
> You can fix this by modifying the line in ArgusPrintProto so that it
> puts out the udp protocol number instead of "rtp".  Not sure about rtsp?
> 
> Carter
> 
> 
> Phillip G Deneault wrote:
> 
>> Has anyone else noticed a problem where one can try to use the -nnn
>> switches in ra to not resolve protocols and ra continues to resolve some
>> flows as things like 'rtp' and 'rtsp'?  Is there a way to stop this and
>> just have it give me the numbers?
>>
>> This seems like inconsistent behavior with what happens for all other
>> traffic that gets returned, since I really want protocol numbers.
>>
>> Phil
>>
>>  
>>


-- 
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Phil Deneault              "We work in the dark. We do what we can.
deneault at wpi.edu                              We give what we have.
Network Security Officer 		  Our doubt is our passion,
Network Operations                     and our passion is our task.
Worcester Polytechnic Institute    The rest is the madness of art."
http://www.wpi.edu/~deneault/   		      - Henry James
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
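
The ordering problem Carter describes in the quoted reply, sketched as an added C example; it is not Argus source and not code from this thread. The struct, function names and the level constant are hypothetical, and it assumes, as the thread does, that -nnn is the level at which protocol numbers are wanted.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-ins for illustration; none of these names are Argus source. */
#define NUMERIC_PROTO_LEVEL 3  /* assumption: -nnn asks for protocol numbers */

struct flow {
    int ip_proto;            /* IP protocol number, e.g. 17 for UDP */
    const char *discovered;  /* label inferred from traffic ("rtp"), or NULL */
};

/* Tiny stand-in for the IP protocol table lookup. */
static const char *proto_name(int p) {
    switch (p) {
    case 6:  return "tcp";
    case 17: return "udp";
    default: return NULL;
    }
}

/* As described in the thread: a discovered label is used without the -n level being consulted. */
char *print_proto_buggy(const struct flow *f, int nflag, char *buf, size_t len) {
    const char *name = f->discovered;
    if (!name && nflag < NUMERIC_PROTO_LEVEL)
        name = proto_name(f->ip_proto);
    if (name) snprintf(buf, len, "%s", name);
    else      snprintf(buf, len, "%d", f->ip_proto);
    return buf;
}

/* Corrected order: the numeric request wins over any label, discovered or looked up. */
char *print_proto_fixed(const struct flow *f, int nflag, char *buf, size_t len) {
    const char *name = NULL;
    if (nflag < NUMERIC_PROTO_LEVEL)
        name = f->discovered ? f->discovered : proto_name(f->ip_proto);
    if (name) snprintf(buf, len, "%s", name);
    else      snprintf(buf, len, "%d", f->ip_proto);
    return buf;
}

int main(void) {
    struct flow rtp = { 17, "rtp" };  /* constructed sample flow: RTP carried over UDP */
    char a[16], b[16];
    print_proto_buggy(&rtp, 3, a, sizeof a);
    print_proto_fixed(&rtp, 3, b, sizeof b);
    printf("-nnn buggy=%s fixed=%s%s\n", a, b, strcmp(a, b) ? " (differ)" : "");
    return 0;
}
```
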