no smac and dmac with ubuntu
Peter Van Epp
vanepp at sfu.ca
Fri Jul 4 17:56:07 EDT 2008
On Fri, Jul 04, 2008 at 11:34:27PM +0200, Jochen Haemmerle wrote:
> Hi,
>
> I discovered a strange problem with argus and ubuntu (7.10 and 8.04).
> I use argus to create an "argus.dump" file
>
> argus -r pcapfile -w argus.dump
>
> If I then use ra to show mit saddr smac daddr and dmac it only shows saddr
> and daddr and reports that the smac and dmac are empty.
>
> ra -M xml -r argus.dump
>
> Here comes the strange thing. If I create the argus.dump file with my
> Debian (unstable) machine then ra displays everything as expected.
> Therefore I guess there's something wrong with my argus binary, but what?
>
> I use argus-3.0.0 built from source using the libpcap and the other
> dependencies from the package management (libpcap 0.9.8).
>
> Is there anything wrong with ubuntu?
>
> regards
> Jochen
Nope, working as designed. You need to add the -m flag to the argus
instance (or enable macs in the config file). By default MAC information isn't
captured ... (been there, been bitten by this :-)).
Peter Van Epp / Operations and Technical Support
Simon Fraser University, Burnaby, B.C. Canada