Too many inputs

Dave Edelman dedelman at iname.com
Tue Nov 30 01:11:02 EST 2010 

You might want to figure out the correct sequence of the pcap files using
something like tcpdump to look at the timestamp of the first packet in each.

 

for i in file*; do echo -n "$i  "; tcpdump -c 1 -r $i;  done

 

From: argus-info-bounces+dedelman=iname.com at lists.andrew.cmu.edu
[mailto:argus-info-bounces+dedelman=iname.com at lists.andrew.cmu.edu] On
Behalf Of Rafael Barbosa
Sent: Monday, November 29, 2010 10:01 AM
To: carter at qosient.com
Cc: argus-info-bounces+carter=qosient.com at lists.andrew.cmu.edu; Argus
Subject: Re: [ARGUS] Too many inputs

 

Hi,

 

In this test I ran version 3.0.2. I think last time I updated the clients, I
forgot to update argus... I will update my binaries before continuing.

 

Trying to solve my problem I used 'mergecap' (part of wireshark) to merge
the files, and then read load then into argus. However I had problems with
packet timestamps, such as:

 

argus[4311]: 29 Nov 10 15:49:01.766800 ArgusInterface timestamps wayyy out
of order: now 1233014770 then 1233577523

 

Now I am trying to understand where out of order packets are coming from.
Kinda frustrating...

 

--
Rafael Barbosa

http://www.vf.utwente.nl/~barbosarr/





On Mon, Nov 29, 2010 at 2:46 PM, <carter at qosient.com> wrote:

Hey Rafael,
The number of inputs is a constant defined in the ./argus/ArgusSource.h
include file. You can increase that number to whatever to process files, but
there are limits to the number of fd's that you may run into.

What version are you running, I couldn't find your exact error string in the
3.0.3 codebase. Just curious.

Carter 


Carter 

Sent from my Verizon Wireless BlackBerry

  _____  

From: Rafael Barbosa <rrbarbosa at gmail.com> 

Sender: argus-info-bounces+carter=qosient.com at lists.andrew.cmu.edu 

Date: Fri, 26 Nov 2010 14:34:58 +0100

To: Argus<argus-info at lists.andrew.cmu.edu>

Subject: [ARGUS] Too many inputs

 

Hi all,

 

When trying to read several hundreds of small pcap files (100MB) to create a
argus flow file I ran into a problem. When I tried:

$> argus -r dump* -w file.argus

 

I got the following error:

argus[34458]: 26 Nov 10 14:29:02.394286 ArgusOpenInputPacketFile: too many
inputs max is 5

 

Is it possible to overcome this limitation without merging the files
manually?

 

Thanks,
Rafael Barbosa

http://www.vf.utwente.nl/~barbosarr/

 

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://pairlist1.pair.net/pipermail/argus/attachments/20101130/01e241e2/attachment.html>

More information about the argus mailing list