radium providing random user data
Jason Carr
jcarr at andrew.cmu.edu
Mon Nov 16 13:34:53 EST 2009
Hi Carter,
All flows are non-plaintext flows, which is super confusing, even though if I connect directly there are plenty of plaintext flows.
Thanks,
Jason
On Nov 16, 2009, at 1:16 PM, Carter Bullard wrote:
> Hey Jason,
> With each status record, we capture another "whatever number of bytes" of
> user data. If argus generates 5 status records for a flow, you'll get 5 sets of
> user data being captured. You maybe seeing user data from the middle
> of a session?
>
> Carter
>
> On Nov 16, 2009, at 1:11 PM, Jason Carr wrote:
>
>> Hello everyone,
>>
>> I'm running argus-3.0.2 server and client. The server is running on a ppc architecture machine, specifically a Bivio box. The client portion is running on an amd64 machine.
>>
>> I use radium on the amd64 box to connect and multiplex multiple argii running on my Bivio box and it dumps the file onto disk. Reading this file via 'ra -r filename -s +suser:128 -s +duser:128' provides all of the normal data, such as time, IPs, ports, etc. The user data seems to be completely off. Oddly enough, connecting directly to the argii with ra on the amd64 system that radium is running on, real data is displayed. ra on the ppc machine displays real data as well.
>>
>> Any thoughts as to why this is happening?
>>
>> Thanks,
>>
>> Jason
>>
>> --
>> Jason Carr
>> Information Security Engineer
>> Information Security Office
>>
>>
>