Problems with "-n" option

Rafael Barbosa rrbarbosa at gmail.com
Tue Sep 21 11:39:59 EDT 2010


Hi all,

I think I discovered a bug in ra() when using the "-n" option. While
trying to display the unique saddr and daddr in an argus file using ra() and
some bash scripting, I kept getting inconsistent results. In the end
everything seems to boil down to the "-n" option. Basically I get a
different set of results for one of my files depending on whether this option is
used or not (in my understanding it should only change how the records are
displayed).

For example:
$ ra -nn -r file.argus  -t 2009/01/22 - "some large filter" | wc -l
438457
$ ra  -r file.argus  -t 2009/01/22 - "some large filter" | wc -l
438864

I am trying to generate some file I could share that reproduces the error,
but I am having some problems with it. If I try to copy the file:

$ ra -w bug -nn -r file.argus  -t 2009/01/22 - "some large filter"

Both "ra -r bug | wc" and "ra -r bug -nn | wc" give the same result
(438457), while if I try:

$ ra -w bug -r file.argus  -t 2009/01/22 - "some large filter"

Both "ra -r bug | wc" and "ra -r bug -nn | wc" give the same result
(438864).

If I am able to generate some (anonymized) file I can share, I will post it
afterwards.
I am using version 3.0.3.17 of argus-clients.

--
Rafael Barbosa
http://www.vf.utwente.nl/~barbosarr/