Time Issue on OpenBSD 4.2 with rc.69 (Was: Re: Sparc64 OpenBSD4.1 Compile issue)
Peter Van Epp
vanepp at sfu.ca
Mon Feb 11 15:22:24 EST 2008
Rather than reinvent the wheel (and/or read the email chain :-)) did
you have to do something to IP V6 to make argus work? My argus seems to only
open an IP V6 listener not V4 and ra on FreeBSD gets connection refused.
My first thought was firewall but that seems to be already disabled and the
problem is no V4 listener:
Active Internet connections (including servers)
Proto Recv-Q Send-Q Local Address Foreign Address (state)
tcp 0 0 test5.ssh test4.50010 ESTABLISHED
tcp 0 0 test5.ssh test4.49962 ESTABLISHED
tcp 0 0 localhost.submissi *.* LISTEN
tcp 0 0 localhost.smtp *.* LISTEN
tcp 0 0 *.ssh *.* LISTEN
tcp 0 0 *.time *.* LISTEN
tcp 0 0 *.daytime *.* LISTEN
tcp 0 0 *.auth *.* LISTEN
Active Internet connections (including servers)
Proto Recv-Q Send-Q Local Address Foreign Address (state)
tcp6 0 0 *.560 *.* LISTEN
...
Unfortunatly we only have Solaris on any of the 64 bit Suns but I have
Suse on 64 bit machines.
Peter Van Epp / Operations and Technical Support
Simon Fraser University, Burnaby, B.C. Canada
On Mon, Feb 11, 2008 at 02:12:50PM -0600, Eric Pancer wrote:
> On Mon, 2008-02-11 at 11:46:19 -0800, Peter Van Epp proclaimed...
>
> > Local seems to work fine which may point to the socket code:
> >
> > # argus -d -i rl0 -w test.argus
> > # ra -r test.argus -n
>
> [snip]
>
> > time is wrong but thats the machine :-) and I don't have Eric's patches in so
> > ratop didn't build (but ra appears to have).
> >
>
> Yes, we have good time from the file here too! (i386)
>
> ra -nr foo.cap <
> 2008-02-11 14:08:1 * llc 0:d:29:4b:c:26.66 -> 1:80:c2:0:0:0.66 60 3720 INT
> 2008-02-11 14:08:2 e tcp 10.154.223.177.22 <?> 10.154.223.223.3737 24 2520 CON
> 2008-02-11 14:08:2 e d tcp 10.154.223.223.2324 <?> 10.154.223.177.22 408 43104 CON
> 2008-02-11 14:08:2 e udp 10.154.223.3.1985 -> 224.0.0.2.1985 13 806 INT
> 2008-02-11 14:08:2 e udp 10.154.223.2.1985 -> 224.0.0.2.1985 13 806 INT
> 2008-02-11 14:08:2 * udp 10.154.198.3.1985 -> 224.0.0.2.1985 14 924 INT
> 2008-02-11 14:08:2 * udp 10.154.198.2.1985 -> 224.0.0.2.1985 14 924 INT
> 2008-02-11 14:08:2 e tcp 10.154.223.177.18056 <?> 10.152.23.39.80 4 264 FIN
> 2008-02-11 14:08:2 e tcp 10.154.223.177.9491 <?> 10.152.23.39.80 4 264 FIN
> 2008-02-11 14:08:2 * arp 10.154.198.3 who 10.154.198.16 9 576 INT
> 2008-02-11 14:08:3 e tcp 10.154.223.177.18368 <?> 10.154.215.170.80 4 264 FIN
> 2008-02-11 14:08:3 e tcp 10.154.223.177.1491 <?> 10.154.215.170.80 4 264 FIN
> 2008-02-11 14:08:3 e d tcp 10.154.223.177.26935 -> 10.154.215.170.80 43 23269 FIN
> 2008-02-11 14:08:3 e udp 10.154.223.177.20331 <-> 10.152.23.12.53 2 221 CON
> 2008-02-11 14:08:3 e udp 10.154.223.177.33705 <-> 10.152.23.12.53 2 335 CON
> 2008-02-11 14:08:3 e d tcp 10.154.223.177.35005 -> 10.154.215.170.80 23 12253 FIN
> 2008-02-11 14:08:3 e d tcp 10.154.223.177.25924 ->
>
>
> How about sparc64?
>
> $ date
> Mon Feb 11 14:10:30 CST 2008
> $ ra -nr foo.cap
> 1970-01-08 01:18:2 e tcp 10.154.223.223.3953 ?> 10.154.223.28.22 1 60 CON
> 1970-01-10 02:52:1 * llc 0:d:29:4b:c:25.66 -> 1:80:c2:0:0:0.66 1 60 INT
> 1970-01-10 04:43:0 e tcp 10.154.223.223.3953 ?> 10.154.223.28.22 1 106 CON
> 1970-01-10 04:56:2 e tcp 10.154.223.28.22 ?> 10.154.223.223.3953 1 106 CON
> 1970-01-11 14:44:3 e tcp 10.154.223.223.3953 ?> 10.154.223.28.22 1 60 CON
> 1970-01-01 02:55:5 e tcp 10.154.223.223.3953 ?> 10.154.223.28.22 1 106 CON
> 1970-01-01 03:08:2 e tcp 10.154.223.28.22 ?> 10.154.223.223.3953 1 106 CON
> 1970-01-01 03:12:0 e tcp 10.154.223.28.22 ?> 10.154.223.223.3953 1 106 CON
> 1970-01-01 03:15:3 e tcp 10.154.223.223.3953 ?> 10.154.223.28.22 1 60 CON
> 1970-01-01 19:18:1 e udp 10.154.223.2.1985 -> 224.0.0.2.1985 1 62 INT
> 1970-01-02 21:08:4 e tcp 10.154.223.223.3953 ?> 10.154.223.28.22 1 106 CON
> 1970-01-02 21:21:5 e tcp 10.154.223.28.22 ?> 10.154.223.223.3953 1 106 CON
> 1970-01-02 21:25:2 e tcp 10.154.223.28.22 ?> 10.154.223.223.3953 1 106 CON
> 1970-01-02 21:28:4 e tcp 10.154.223.223.3953 ?> 10.154.223.28.22 1 60 CON
> 1970-01-04 10:54:3 e tcp 10.154.223.223.3953 ?> 10.154.223.28.22 1 106 CON
> 1970-01-04 11:07:1 e tcp 10.154.223.28.22 ?> 10.154.223.223.3953 1 106 CON
> 1970-01-04 11:10:4 e tcp 10.154.223.28.22 ?> 10.154.223.223.3953 1 106 CON
> 1970-01-04 11:13:5 e tcp 10.154.223.223.3953 ?> 10.154.223.28.22 1 60 CON
>
> Damn, no go there.
>
> So, taking flows from a file on i386 gives good time, but using sockets to
> i386 or sparc64 doesn't work. Taking flows from a file on sparc64 doesn't
> give good time, nor does it in taking flows from i386 or sparc64.
>
> - Eric
More information about the argus
mailing list