[PATCH] TcpRtt support in ragraph
Carter Bullard
carter at qosient.com
Tue Aug 26 12:27:33 EDT 2008
I'm working on the documentation.
But the mailing list is there to try to solve problems.
We should fix the DLT_LOOP problem so you can monitor
packets where ever. This is on OpenBSD? Its easy to add
another DLT_* to argus's tables. So for OpenBSD, DLT_LOOP
is defined as "12"?
Carter
On Aug 26, 2008, at 12:10 PM, Tomoyuki Sakurai wrote:
> On Tue, Aug 26, 2008 at 08:56:50AM -0400, Carter Bullard wrote:
>>
>> Any idea how to get packets before they make it to the pf? Nice to
>> get
>> the protection offered by "TCP SYN Proxy" or the "Spoofed Packet
>> Blocking", but it would be nice to monitor the packets before the
>> pf does stuff to them?
>
> In my network, synproxy is done on the external interface, while argus
> is watching packets on the internal interface.
>
> In theory, I beleive argus can see raw traffic if configured to
> monitor
> on the external interface (I might be wrong). But, unfortunately,
> argus
> cannot see packets on the external interface because OpenBSD uses
> different DLT_* value (DLT_LOOP == 12) for PPPoE from the one argus is
> using. There's no standard to define DLT_* value in bpf.h.
>
> The most simple workaround is using a TAP in front of OpenBSD. This is
> not only for workaround, but for performance, IMO. Also, you will not
> suffer the problem like I encounter this time.
>
>> Hope all is most excellent, and I'm glad argus is working for you.
>
> argus 3.x is much better than 2.x for me (especially graphing and
> IPv6).
> I just wish more documentation were available.
>
> --
> Tomoyuki Sakurai
>
More information about the argus
mailing list