new code uploaded - argus cygwin support

Carter Bullard carter at qosient.com
Thu Sep 13 15:32:21 EDT 2007 

Hey Mike,
I think it would be wise to have argus dump these packets to a file, so
we can try to figure out what kind of beast we're messing with.
They could be some bizarro new protocol, or a mangled packet.
If you don't mind, I'll put in some packet dumping logic and a  
configuration
entry so we can enable this type of function.

Is this the segment that was causing problems before?

Carter


On Sep 13, 2007, at 2:49 PM, Michael Hornung wrote:

> Presumably this following message is the result of a corrupted  
> packet that
> previously would have made argus crash?
>
>   ArgusWarning: argus[24434]: 13 Sep 07 10:34:21.654167 ArgusNewFlow()
> flow key is not correct len equals zero
>
> It's still running, and prints ~4 of those messages per hour FYI.   
> So I
> guess I have some hokey traffic on this segment, but not a ton of it.
>
> -Mike
>
> On Wed, 12 Sep 2007 at 11:07, Carter Bullard wrote:
>
> |Gentle people,
> |i have uploaded a new argus-3.0.0 and paired clients for testing.   
> This adds
> |a few new features to argus, to solve corrupted packet parsing,  
> and deal
> |with infiniband and atm networks (arp issues mainly).  The clients  
> have
> |a lot of changes for content, continuity, etc...   A lot of  
> ragraph bugs fixed,
> |racluster
> |fixes, and new support for printing out flow packet size metrics.   
> Other than
> |issues with threads, this code is getting close.  hopefully we can  
> resolve the
> |threads support. or turn it off this week.  Of course if you find  
> a problem, my
> |apologies, if no problems, well that would be great.
> |
> |This version of argus compiles fine under cygwin, and runs on XP  
> and Vista
> |very well as a service, at least on my laptop.  Lots of work to  
> get that going,
> |it seems to do well with hibernation and there is support so you  
> don't
> |have to deal with those awful interface names.  so if anyone is  
> interested
> |in this, send mail, and we can get some dialog going.  Lots of bit- 
> torrent
> |traffic to look at with Vista/XP and electric sheep ;o)  A native  
> windows app
> |is probably going to happen this year for the probe, so if anyone is
> |interested in the port, holler!!
> |
> |I'm typing with one hand today, so be kind if something is really  
> messed
> |up,
> |
> |  ftp://qosient.com/dev/argus-3.0
> |
> |Carter
> |
>

More information about the argus mailing list