Some problems (bugs?) with argus
Carter Bullard
carter at qosient.com
Mon Aug 10 09:46:40 EDT 2009
Always using the latest, argus-3.0.1.beta.5 and argus-clients-3.0.2.beta.11.
Carter
On Aug 7, 2009, at 4:47 PM, Martijn van Oosterhout wrote:
> Hi,
>
> On Fri, Aug 7, 2009 at 6:47 PM, Carter Bullard <carter at qosient.com> wrote:
>> Hey Martijn,
>> We know which IP address sent the syn and the synack in the record.
>> In each TCP DSR there is status, state, all options reported, metrics,
>> etc... by direction, so we have the data in the record. We even know the
>> microsecond duration between these two events (print the 'synack' or
>> 'ackdat' field in tcp records).
>
> That's good to know. The source seems to imply it's possible but I
> couldn't wrap my brain around it. Thanks for the explanation.
>
>
> <snip example>
>
>> thoth:tmp carter$ argus -r /tmp/test.out -w - | ra
>>                  StartTime Flgs Proto             SrcAddr Sport Dir             DstAddr Dport SrcPkts DstPkts SrcBytes DstBytes State
>> 2009/08/07.12:33:01.894824 e    tcp    192.168.0.68.51100       ->  17.112.152.32.http            0      15        0    12637 CON
>> 2009/08/07.12:45:47.070834      man                  0. 0                        20. 1            0       2        0  8985856 STP
>>
>> So this works great.
>
> This is really good, looks like it works for you. What exact version
> are you using here (probably the latest beta, right)? This suggests
> upgrading will solve the problem.
>
> Thank you very much.
> --
> Martijn van Oosterhout <kleptog at gmail.com> http://svana.org/kleptog/
>
Carter Bullard
CEO/President
QoSient, LLC
150 E 57th Street Suite 12D
New York, New York 10022
+1 212 588-9133 Phone
+1 212 588-9134 Fax