Argus giving wrong bytes results ?
Mike Tancsa
mike at sentex.ca
Fri Jul 9 15:28:36 EDT 2010
At 03:12 PM 7/9/2010, Carter Bullard wrote:
>Can you do me a favor? Could you have ra() collect enough of the records,
>rather than the current radium() -> racluster() to see if the bug is in writing
>the records out or reading them in. Also, if you could just have ra() print the
>netflow records rather than writing them to disk, may indicate that it doesn't
>have an error in converting the netflow to argus, but writing the records to
Hi Carter,
It shows up quite quickly this way (IP addresses changed)
# ra -L0 -n -Zb -C 192.168.1.81:9995
StartTime        Flgs  Proto  SrcAddr Sport       Dir  DstAddr Dport   TotPkts   TotBytes    State
15:25:49.846000  Ne    tcp    192.168.1.81.53812  ->   10.8.9.1.9010   36028797  1059274779  FSPA_
15:25:37.998000  Ne    icmp   192.168.1.81.771    ->   192.168.1.82.0  72057594  4035225266  URP
15:25:51.566000  Ne    tcp    192.168.1.81.57886  ->   10.8.9.1.9010   36028797  9367768699  FSPA_
15:25:52.926000  Ne    tcp    192.168.1.81.50378  ->   10.8.9.1.9010   36028797  7998674413  FSPA_
15:25:53.662000  Ne    tcp    192.168.1.81.50826  ->   10.8.9.1.9010   36028797  7998674413  FSPA_
15:25:55.966000  Ne    tcp    192.168.1.81.58986  ->   10.8.9.1.9010   36028797  1052069020  FSPA_
15:25:56.282000  Ne    tcp    192.168.1.81.57899  ->   10.8.9.1.9010   36028797  1044863261  FSPA_
15:25:56.914000  Ne    tcp    192.168.1.81.61121  ->   10.8.9.1.9010   36028797  1059274779  FSPA_
15:25:59.270000  Ne    tcp    192.168.1.81.53056  ->   10.8.9.1.9010   36028797  1052069020  FSPA_
15:25:58.546000  Ne    tcp    192.168.1.81.62492  ->   10.8.9.1.9010   36028797  8431019977  FSPA_
15:25:59.814000  Ne    tcp    192.168.1.81.54551  ->   10.8.9.1.9010   36028797  1059274779  FSPA_
15:26:00.878000  Ne    tcp    192.168.1.81.56269  ->   10.8.9.1.9010   36028797  1059274779  FSPA_
---Mike