man records in 3.0

Peter Van Epp vanepp at
Tue Sep 23 14:26:27 EDT 2008

On Tue, Sep 23, 2008 at 01:51:42PM -0400, Carter Bullard wrote:
> Hey Peter,
> I think the most important thing is to make the changes so the script is
> logical and intelligible.  So, if we are having direction problems, we
> really should fix them.  Between v2 and v3, I took out the cleverness
> that we had to 'correct' the direction, as it was slightly flawed (scans
> especially), and it hid the "ground truth" of the packets on the wire.
> The direction had been a complex set of conditions in the probe
> and in the client reading the data stream, so the work to clean that
> up should have worked.  If not, definitely need to fix it.
> Adding support for printing missing fields is always high on the list.
> Regarding the argusid of the v3 records, printing the 'srcid' of a v3
> man record doesn't print the argusid.  Definitely need to fix that.
> OK, so this thread has a number of changes to consider, could you
> give me a brief list of what you need to get the ball rolling?  I've
> got print initial mar record with the version string in the 'dir' field
> as the #1.  Anything next?
> Carter

	The version number in the man records does it for me (at least so far
:-)). With that I can figure out what to do on V3 records when I get time
(hopefully soon trouble willing :-)). As noted it may be  "don't do much at 
all as the direction is now right :-). As noted I think a v2 data stream being 
processed by the 3.0 client is working fine now all I need to do is clean up 
v3 data stream issues and I should be good to go for one last release of the 
traffic scripts which I promised someone months ago :-). The source ID isn't 
biting me but also doesn't seem to be correct and thats the only other issue 
I know of. 

Peter Van Epp / Operations and Technical Support 
Simon Fraser University, Burnaby, B.C. Canada

More information about the argus mailing list