Argus Freezes

[Sunjeet Singh]

Upon more inspection,

1. If I take the -S 86400 clause out of the command, the size of the 
.argus file grows quicker.

2. Most of the lines in the .argus file that is 1.8MB look like-
13:49:55.089264    s       tcp      x     ->      y        14        
672   TIM
13:49:55.099318    s       tcp      p     ->      y        14        
672   TIM
13:49:55.109202    s       tcp      q     ->      y        14        
672   TIM
13:49:55.119555    s       tcp      r     ->      y        14        
672   TIM
13:49:55.128928    s       tcp      z     ->      y        14        
672   TIM


So it seems like Argus is working but very slowly. I don't know how to 
tackle this problem. I have this 1.6 GB pcap file that I want to 
summarize to flow-level using Argus but because this is a DDOS trace 
Argus is very time consuming.

I'd greatly appreciate any help on this.
Thank you,
Sunjeet Singh


On 10-11-15 9:12 AM, Sunjeet Singh wrote:
> Hi,
>
> I'm using Argus 3.0.3.18 on 64-bit Mac OS X Snow Leopard.
>
> I am trying to use the command-
> /argus -S 86400 -r nettrace.pcap -w nettrace.argus/
>
> on a file nettrace.pcap of size 1.6 GB and with only tcp packets. This 
> command keeps running indefinitely. Upon monitoring the size of the 
> nettrace.argus file when this command is executing, I found that its 
> size is stagnant at 8 KB and as soon as I abort that command the size 
> becomes 1.8 MB.
>
> Argus is working great for other (smaller) traces that I am analyzing. 
> The only thing that makes this trace different from the others is that 
> this is a trace collected at a host witnessing a DDOS attack.
>
> Can you please help me figure this out?
>
> Thank you,
> Sunjeet Singh
>
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://pairlist1.pair.net/pipermail/argus/attachments/20101115/90ec4b4b/attachment.html>