Argus on Bivio 7500

Peter Van Epp vanepp at sfu.ca
Thu Aug 6 20:14:15 EDT 2009 

On Thu, Aug 06, 2009 at 10:22:27AM -0400, Jason Carr wrote:
> Sorry, maybe I was not clear...  what I meant to say is that if you run 
> tethereal -i default it will capture everything on any devices that the 
> node has been assigned to use (tcpdump doesn't work right on Bivio but 
> tethereal does).

	This seems to be a wireshark varient. From the online man page 
try 

tehtereal -D

that should give you a list of the interfaces supported (same as -D in 
tcpdump). That should give you a list of the available interfaces which 
likely includes default since it seems to be opening correctly. 
	Looking at the trace (comments inline) it looks like pcap in the
end doesn't return any packets and thus argus closes. Perhaps something 
odd with the Bivio pcap when default is the interface type (I'm assuming 
argus works if you specify a single interface)?

>
> I attached the debug log for argus when I run argus:
>
> /usr/local/sbin/argus -X -U 128 -i default -P 561 -e 1 -D 999
<various argus housekeeping snipped>

> argus[459]: 06 Aug 09 10:17:19.928253 ArgusOpenInterface() pcap_open_live(default) returned 0x1012dae8

	This looks to be after a successful pcap open in line 108 of
ArgusSource.c (at least in beta.5). If the open had errored we should see
a different message from line 137 with an error message, so it looks like 
it has accepted "default" as a valid pcap device to open and returned a 
handle to it. 

> argus[459]: 06 Aug 09 10:17:19.928339 Arguslookup_pcap_callback(1) returning 0x1000e940

	This looks to have returned a handler for the callback successfully.

> argus[459]: 06 Aug 09 10:17:19.928379 ArgusOpenInterface(0x30070008, 'default') returning

	and returns an argus device and device name of "default" which it looks
to have opened successfully.

> argus[459]: 06 Aug 09 10:17:19.928411 ArgusPushBackList (0x1012d430, 0x1012dac8, 1) returning 1
> argus[459]: 06 Aug 09 10:17:19.928512 ArgusInitSource() returning
> argus[459]: 06 Aug 09 10:17:19.928553 ArgusCalloc (1, 40) returning 0x1012dd38
> argus[459]: 06 Aug 09 10:17:19.928586 ArgusNewList () returning 0x1012dd38
> argus[459]: 06 Aug 09 10:17:19.928626 ArgusCalloc (1, 128) returning 0x1012dd68
> argus[459]: 06 Aug 09 10:17:19.928663 ArgusGenerateInitialMar() returning
> argus[459]: 06 Aug 09 10:17:19.933547 ArgusEstablishListen(561, 0x7f8c3258) binding: any:561 family: 2
> argus[459]: 06 Aug 09 10:17:19.933646 ArgusEstablishListen(561, 0x7f8c3258) returning 4
> argus[459]: 06 Aug 09 10:17:19.933685 ArgusInitOutput() done
> argus[459]: 06 Aug 09 10:17:19.933729 started
> argus[459]: 06 Aug 09 10:17:19.933874 ArgusCalloc (1, 32) returning 0x1012ddf0
> argus[459]: 06 Aug 09 10:17:19.933911 ArgusInitMallocList (632) returning
> argus[459]: 06 Aug 09 10:17:19.933943 ArgusInitModeler() done
> argus[459]: 06 Aug 09 10:17:19.933980 ArgusGetPackets (0x30070008) starting
> argus[459]: 06 Aug 09 10:17:19.934034 ArgusPopFrontList (0x1012dac8) returning
> argus[459]: 06 Aug 09 10:17:19.934071 ArgusPushFrontList (0x1012d430, 0x1012dac8, 1) returning 0xd032
> argus[459]: 06 Aug 09 10:17:19.953894 setArgusInterfaceStatus(0)
> argus[459]: 06 Aug 09 10:17:19.989382 ArgusProcessQueueTimeout(0x1012d008, 0x1012d3e8) done
> argus[459]: 06 Aug 09 10:17:19.989445 ArgusQueueManager() turns 1    statusQueue 0    qs 0  items 0    cache 0      resort 0      reclaim 0      new 0      sends 0        bsends 0       
> argus[459]: 06 Aug 09 10:17:19.989498 ArgusOutputProcess(0x1012d9f0) starting
> argus[459]: 06 Aug 09 10:17:19.989551 ArgusOutputStatusTime(0x1012d9f0) done

	It appears the open pcap process doesn't return anything and thus
Argus returns thinking there aren't any more (or any in this case) packets 
coming and shuts down. 

> argus[459]: 06 Aug 09 10:17:19.989588 ArgusGetPackets () returning
> argus[459]: 06 Aug 09 10:17:19.989621 main() ArgusGetPackets returned: shuting down
> 
> argus[459]: 06 Aug 09 10:17:19.989673 ArgusShutDown(Normal Shutdown)
> 
> argus[459]: 06 Aug 09 10:17:19.989707 ArgusCloseSource(0x30070008) starting
> argus[459]: 06 Aug 09 10:17:19.989744 ArgusPopFrontList (0x1012dac8) returning
> argus[459]: 06 Aug 09 10:17:19.989775 ArgusFree (0x1012dac8)
> argus[459]: 06 Aug 09 10:17:19.989816 ArgusFree (0x1012d430)
> argus[459]: 06 Aug 09 10:17:19.989852 ArgusDeleteList (0x1012d430, 3) returning
> argus[459]: 06 Aug 09 10:17:19.989886 ArgusCloseSource(0x30070008) deleting source
> argus[459]: 06 Aug 09 10:17:19.989928 ArgusModelerCleanUp ArgusProcessQueue(0x1012d3e8) processing status queue with 0 records
> argus[459]: 06 Aug 09 10:17:19.989962 ArgusPopQueue (0x1012d3e8) returning 0x0
> argus[459]: 06 Aug 09 10:17:19.989998 ArgusFree (0x1012d3e8)
> argus[459]: 06 Aug 09 10:17:19.990031 ArgusDeleteQueue (0x1012d3e8) returning
> argus[459]: 06 Aug 09 10:17:19.990063 ArgusModelerCleanUp () returning
> argus[459]: 06 Aug 09 10:17:19.990112 ArgusFree (0x3002f008)
> argus[459]: 06 Aug 09 10:17:19.990152 ArgusFree (0x1012d360)
> argus[459]: 06 Aug 09 10:17:19.990194 ArgusCalloc (1, 660) returning 0x1012de18
> argus[459]: 06 Aug 09 10:17:19.990231 ArgusMallocListRecord (632) returning 0x1012de34
> argus[459]: 06 Aug 09 10:17:19.990265 ArgusGenerateListRecord (0x1012d008, 0x0, 48) done
> argus[459]: 06 Aug 09 10:17:19.990299 ArgusPushBackList (0x1012d330, 0x1012de34, 1) returning 1
> argus[459]: 06 Aug 09 10:17:19.990333 ArgusCloseModeler(0x1012d008) pushing close record 0x1012de34
> argus[459]: 06 Aug 09 10:17:19.990370 ArgusFree (0x1012d378)
> argus[459]: 06 Aug 09 10:17:19.990406 ArgusFree (0x1012d978)
> argus[459]: 06 Aug 09 10:17:19.990436 ArgusCloseModeler(0x1012d008)
> argus[459]: 06 Aug 09 10:17:19.990471 ArgusCloseOutput() scheduling closure after writing records
> argus[459]: 06 Aug 09 10:17:19.990504 ArgusOutputProcess(0x1012d9f0) starting
> argus[459]: 06 Aug 09 10:17:19.990538 ArgusOutputStatusTime(0x1012d9f0) done
> argus[459]: 06 Aug 09 10:17:19.990574 ArgusLoadList (0x1012d330, 0x1012dd38) load 1 objects
> argus[459]: 06 Aug 09 10:17:19.990608 ArgusPopFrontList (0x1012de34) returning
> argus[459]: 06 Aug 09 10:17:19.990643 ArgusOutputProcess() received rec 0x1012de34 totals 1 seq 0
> argus[459]: 06 Aug 09 10:17:19.990677 ArgusFreeListRecord (0x1012de34) returning
> argus[459]: 06 Aug 09 10:17:19.990711 ArgusMallocListRecord (632) returning 0x1012de34
> argus[459]: 06 Aug 09 10:17:19.990751 ArgusGenerateStatusMarRecord(0x1012d9f0, 48) returning 0x1012de34
> argus[459]: 06 Aug 09 10:17:19.990785 ArgusOutputProcess() received stop record 0 records on the list
> argus[459]: 06 Aug 09 10:17:19.990820 ArgusFreeListRecord (0x1012de34) returning
> argus[459]: 06 Aug 09 10:17:19.990853 ArgusFree (0x1012d330)
> argus[459]: 06 Aug 09 10:17:19.990884 ArgusDeleteList (0x1012d330, 4) returning
> argus[459]: 06 Aug 09 10:17:19.990920 ArgusFree (0x1012dd38)
> argus[459]: 06 Aug 09 10:17:19.990953 ArgusDeleteList (0x1012dd38, 4) returning
> argus[459]: 06 Aug 09 10:17:19.990986 ArgusFree (0x1012dd68)
> argus[459]: 06 Aug 09 10:17:19.991017 ArgusCloseOutput(0x1012d9f0) done
> argus[459]: 06 Aug 09 10:17:19.991050 ArgusFree (0x1012d9f0)
> argus[459]: 06 Aug 09 10:17:19.991083 ArgusFree (0x1012d008)
> argus[459]: 06 Aug 09 10:17:19.991168 ArgusFree (0x30070008)
> argus[459]: 06 Aug 09 10:17:19.991220 ArgusShutDown()

Peter Van Epp

More information about the argus mailing list