Some problems (bugs?) with argus

Martijn van Oosterhout kleptog at gmail.com
Fri Aug 7 16:47:26 EDT 2009


Hi,

On Fri, Aug 7, 2009 at 6:47 PM, Carter Bullard<carter at qosient.com> wrote:
> Hey Martijn,
> We know which IP address sent the syn and the synack in the record.
> In each TCP DSR there is status, state, all options reported, metrics,
> etc...
> by direction, so we have the data in the record.  We even know the micro
> second duration between these two events (print the 'synack' or 'ackdat'
> field in tcp records).

That's good to know. The source seems to imply it's possible, but I
couldn't wrap my brain around it. Thanks for the explanation.


<snip example>

> thoth:tmp carter$ argus -r /tmp/test.out -w - | ra
>                  StartTime    Flgs  Proto            SrcAddr   Sport   Dir            DstAddr   Dport  SrcPkts  DstPkts     SrcBytes     DstBytes State
> 2009/08/07.12:33:01.894824  e         tcp       192.168.0.68.51100      ->    17.112.152.32.http           0       15            0        12637   CON
> 2009/08/07.12:45:47.070834            man                  0.      0                  20.      1        0        2            0      8985856   STP
>
> So this works great.

This is really good, looks like it works for you. What exact version
are you using here (probably the latest beta, right)? This suggests
upgrading will solve the problem.

Thank you very much.
-- 
Martijn van Oosterhout <kleptog at gmail.com> http://svana.org/kleptog/
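Carter's point above is that each argus TCP record already says which endpoint sent the SYN (the Dir field) and how long the two halves of the handshake took (synack, ackdat). The script below, added here as an illustration and not code from the argus project or from either poster, consumes that data. It assumes ra was asked for delimited output with an explicit field list, i.e. `ra -r test.out -s stime,proto,saddr,sport,dir,daddr,dport,synack,ackdat,state -c ,`; the sample lines are constructed (only the first flow's endpoints are the ones quoted in the thread), the field values are made up, and the reading of `->` / `<-` as "source initiated" / "destination initiated" is an assumption.

```python
"""Work with the per-direction TCP handshake data carried in argus records.

Added example, not argus project code. Assumes `ra` was run as
    ra -r test.out -s stime,proto,saddr,sport,dir,daddr,dport,synack,ackdat,state -c ,
so that fields arrive comma-delimited with a header line.
"""
import csv
import io

# Constructed sample of delimited ra output. Values are made up for
# illustration; only the first flow's endpoints come from the thread.
# synack = seconds from SYN to SYN/ACK, ackdat = seconds from SYN/ACK to
# the ACK that completes the handshake (ra's documented meaning).
SAMPLE = """\
StartTime,Proto,SrcAddr,Sport,Dir,DstAddr,Dport,SynAck,AckDat,State
2009/08/07.12:33:01.894824,tcp,192.168.0.68,51100,->,17.112.152.32,80,0.032115,0.000210,CON
2009/08/07.12:33:02.104411,tcp,10.0.0.5,40001,->,192.168.0.68,22,0.000000,0.000000,REQ
2009/08/07.12:33:05.551200,tcp,203.0.113.9,443,<-,192.168.0.68,51102,0.118004,0.000950,FIN
2009/08/07.12:45:47.070834,man,0.,0,,20.,1,,,STP
"""


def parse_ra(text):
    """Turn delimited ra output (header line first) into a list of dicts."""
    return list(csv.DictReader(io.StringIO(text)))


def _endpoints(rec):
    """Return (initiator, responder) as 'addr:port' strings.

    Assumption: '->' means the SrcAddr side sent the SYN, '<-' means the
    DstAddr side did; anything else is treated as unknown.
    """
    src = f"{rec['SrcAddr']}:{rec['Sport']}"
    dst = f"{rec['DstAddr']}:{rec['Dport']}"
    if rec["Dir"] == "->":
        return src, dst
    if rec["Dir"] == "<-":
        return dst, src
    return None, None


def tcp_handshakes(records):
    """For every tcp record, report who initiated and the measured setup time."""
    out = []
    for rec in records:
        if rec["Proto"] != "tcp":          # skip 'man' (management) and others
            continue
        synack = float(rec["SynAck"])
        ackdat = float(rec["AckDat"])
        initiator, responder = _endpoints(rec)
        out.append({
            "start": rec["StartTime"],
            "initiator": initiator,
            "responder": responder,
            "state": rec["State"],
            # both timings non-zero means argus saw SYN, SYN/ACK and ACK
            "timed_handshake": synack > 0 and ackdat > 0,
            "setup_time": synack + ackdat,
        })
    return out


def unanswered_syns(records):
    """Heuristic: count, per initiating endpoint, tcp flows where the
    initiator is known but no SYN/ACK timing was recorded. A burst of these
    from one host is the usual shape of a SYN scan or a failing connector."""
    counts = {}
    for rec in records:
        if rec["Proto"] != "tcp":
            continue
        initiator, _ = _endpoints(rec)
        if initiator is not None and float(rec["SynAck"]) == 0.0:
            counts[initiator] = counts.get(initiator, 0) + 1
    return counts


if __name__ == "__main__":
    recs = parse_ra(SAMPLE)
    for h in tcp_handshakes(recs):
        print(h)
    print("unanswered SYNs:", unanswered_syns(recs))
```

The point of keying everything off Dir rather than off which port looks like a service port is that argus already decided who sent the SYN from the packets; guessing from port numbers would mislabel, for example, a client that happens to use a low source port.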
