radium providing random user data

Carter Bullard carter at qosient.com
Mon Nov 16 13:16:06 EST 2009


Hey Jason,
With each status record, we capture another "whatever number of bytes" of
user data.  If argus generates 5 status records for a flow, you'll get 5 sets of
user data being captured.  You may be seeing user data from the middle
of a session?

Carter

On Nov 16, 2009, at 1:11 PM, Jason Carr wrote:

> Hello everyone,
> 
> I'm running argus-3.0.2 server and client.  The server is running on a ppc architecture machine, specifically a Bivio box.  The client portion is running on an amd64 machine.
> 
> I use radium on the amd64 box to connect and multiplex multiple argii running on my Bivio box and it dumps the file onto disk.  Reading this file via 'ra -r filename -s +suser:128 -s +duser:128' provides all of the normal data, such as time, IPs, ports, etc.  The user data seems to be completely off.  Oddly enough connecting directly to the argii with ra on the amd64 system that radium is running on, real data is displayed.  ra on the ppc machine displays real data as well.
> 
> Any thoughts as to why this is happening?
> 
> Thanks,
> 
> Jason
> 
> --
> Jason Carr
> Information Security Engineer
> Information Security Office
> 
> 
