argus proto field

carter at qosient.com
Tue May 26 07:13:22 EDT 2009


Hey Rodney,
The support for the GeoIP databases is an example of how we are supporting geolocation. That database set provides origin AS labeling, lat/lon, city, state, country, area codes, and zip codes. The AS numbers are stored in an ASN struct, and we provide space for 32-bit AS numbers, filtering, sorting, etc.
I have a DSR for the lat/lon data, but filtering and sorting is not finished, and all the other information is stored as meta data in the Label DSR.

Carter

-----Original Message-----
From: Rodney McKee <rmckee at aconex.com>

Date: Sun, 24 May 2009 06:09:47 
To: Argus<argus-info at lists.andrew.cmu.edu>
Subject: Re: [ARGUS] argus proto field


OK, there it got mentioned again.


We have 22 dsrs in an argus record now, including the newer 
geolocation data elements. 
What are these geolocation dsrs and how are they used? 


----- "Carter Bullard" <carter at qosient.com> wrote: 
> Hey CS Lee,
> The "flgs" field is intended as a quick reference, with explicit
> ordering of status. It's not intended as a status reporting element.
>
> I think you would like a means to dump the complete semantics
> of each DSR. Right now we have, what is it, 132 fields that you
> can print out. Looks like we need more fields.
>
> We have 22 dsrs in an argus record now, including the newer
> geolocation data elements.
>
> What do you think, if we had something like this:
>    ra -r argus.file -s dsr:flow,net
>
> and you got the complete contents of the Flow dsr and the
> Network dsr, which would have your TCP status, and all its
> indications, would that be a way of doing it? This probably
> would only be available when you specify
>
>    "-M xml"
>
> ?
>
> Carter
>
> On May 22, 2009, at 9:41 PM, CS Lee wrote:
>
> > hi carter,
> >
> > In the proto field, there is protocol specific and its designation, my question is what if in a particular flow we do see packet retransmission, and we also see tcp out of order or maybe unknown ip option set, etc. But the flow will only show one of them, is it possible to make it show all of them?
> >
> > Proto
> > e *
> >
> > It would make troubleshooting much easier if we can see all of them.
> >
> > Thanks.
-- 
Rodney McKee
Linux systems administrator
Aconex