Argus Freezes

Carter Bullard carter at qosient.com
Mon Nov 15 12:45:03 EST 2010


The default is 60 seconds, but you may have an /etc/argus.conf file that overrides this value.
Try "-S 1" just to see how it goes.

Carter

On Nov 15, 2010, at 12:38 PM, Sunjeet Singh wrote:

> Upon more inspection,
> 
> 1. If I take the -S 86400 clause out of the command, the size of the .argus file grows quicker. 
> 
> 2. Most of the lines in the .argus file that is 1.8MB look like-
> 13:49:55.089264    s       tcp      x     ->      y        14        672   TIM
> 13:49:55.099318    s       tcp      p     ->      y        14        672   TIM
> 13:49:55.109202    s       tcp      q     ->      y        14        672   TIM
> 13:49:55.119555    s       tcp      r     ->      y        14        672   TIM
> 13:49:55.128928    s       tcp      z     ->      y        14        672   TIM
> 
> 
> So it seems like Argus is working but very slowly. I don't know how to tackle this problem. I have this 1.6 GB pcap file that I want to summarize to flow-level using Argus, but because this is a DDOS trace, Argus is very time consuming.
> 
> I'd greatly appreciate any help on this.
> Thank you,
> Sunjeet Singh
> 
> 
> On 10-11-15 9:12 AM, Sunjeet Singh wrote:
>> 
>> Hi,
>> 
>> I'm using Argus 3.0.3.18 on 64-bit Mac OS X Snow Leopard.
>> 
>> I am trying to use the command-
>> argus -S 86400 -r nettrace.pcap -w nettrace.argus
>> 
>> on a file nettrace.pcap of size 1.6 GB and with only tcp packets. This command keeps running indefinitely. Upon monitoring the size of the nettrace.argus file when this command is executing, I found that its size is stagnant at 8 KB and as soon as I abort that command the size becomes 1.8 MB. 
>> 
>> Argus is working great for other (smaller) traces that I am analyzing. The only thing that makes this trace different from the others is that this is a trace collected at a host witnessing a DDOS attack.
>> 
>> Can you please help me figure this out?
>> 
>> Thank you,
>> Sunjeet Singh
>> 
>> 
> 

Carter Bullard
CEO/President
QoSient, LLC
150 E 57th Street Suite 12D
New York, New York  10022

+1 212 588-9133 Phone
+1 212 588-9134 Fax


