new code uploaded - argus cygwin support

Michael Hornung hornung at cac.washington.edu
Thu Sep 13 15:44:05 EDT 2007 

Yes, same segment.  I'll be happy to help!

-Mike

On Thu, 13 Sep 2007 at 15:32, Carter Bullard wrote:

|Hey Mike,
|I think it would be wise to have argus dump these packets to a file, so
|we can try to figure out what kind of beast we're messing with.
|They could be some bizarro new protocol, or a mangled packet.
|If you don't mind, I'll put in some packet dumping logic and a configuration
|entry so we can enable this type of function.
|
|Is this the segment that was causing problems before?
|
|Carter
|
|
|On Sep 13, 2007, at 2:49 PM, Michael Hornung wrote:
|
|> Presumably this following message is the result of a corrupted packet that
|> previously would have made argus crash?
|> 
|>  ArgusWarning: argus[24434]: 13 Sep 07 10:34:21.654167 ArgusNewFlow()
|> flow key is not correct len equals zero
|> 
|> It's still running, and prints ~4 of those messages per hour FYI.  So I
|> guess I have some hokey traffic on this segment, but not a ton of it.
|> 
|> -Mike
|> 
|> On Wed, 12 Sep 2007 at 11:07, Carter Bullard wrote:
|> 
|> |Gentle people,
|> |i have uploaded a new argus-3.0.0 and paired clients for testing.  This adds
|> |a few new features to argus, to solve corrupted packet parsing, and deal
|> |with infiniband and atm networks (arp issues mainly).  The clients have
|> |a lot of changes for content, continuity, etc...   A lot of ragraph bugs
|> fixed,
|> |racluster
|> |fixes, and new support for printing out flow packet size metrics.  Other
|> than
|> |issues with threads, this code is getting close.  hopefully we can resolve
|> the
|> |threads support. or turn it off this week.  Of course if you find a problem,
|> my
|> |apologies, if no problems, well that would be great.
|> |
|> |This version of argus compiles fine under cygwin, and runs on XP and Vista
|> |very well as a service, at least on my laptop.  Lots of work to get that
|> going,
|> |it seems to do well with hibernation and there is support so you don't
|> |have to deal with those awful interface names.  so if anyone is interested
|> |in this, send mail, and we can get some dialog going.  Lots of bit-torrent
|> |traffic to look at with Vista/XP and electric sheep ;o)  A native windows
|> app
|> |is probably going to happen this year for the probe, so if anyone is
|> |interested in the port, holler!!
|> |
|> |I'm typing with one hand today, so be kind if something is really messed
|> |up,
|> |
|> |  ftp://qosient.com/dev/argus-3.0
|> |
|> |Carter
|> |
|> 
|

More information about the argus mailing list