Nondeterministic output
carter at qosient.com
carter at qosient.com
Tue Sep 21 20:10:20 EDT 2010
Hey George,
The initial management record has a "now" timestamp in it, so the files will never be the same.
The different outputs in your last example is not good.
Can you share the packet file that you are using so I can test?
Carter
Sent from my Verizon Wireless BlackBerry
-----Original Message-----
From: George Jones <fooologist at gmail.com>
Sender: argus-info-bounces+carter=qosient.com at lists.andrew.cmu.edu
Date: Tue, 21 Sep 2010 11:05:00
To: <argus-info at lists.andrew.cmu.edu>
Subject: [ARGUS] Nondeterministic output
The following command produces different output:
cat foo.pcap | argus -U 64 -r - -w /tmp/foo.ar
cat foo.pcap | argus -U 64 -r - -w /tmp/bar.ar
cksum(1) shows the content differs (but byte count is the same).
More disturbing is different numbers of records output from identical runs
on the same input, etc.
cat foo.pcap | argus -U 64 -r - -w - | racluster -r - -w - | ra -r - | tee
/tmp/1.out
cat foo.pcap | argus -U 64 -r - -w - | racluster -r - -w - | ra -r - | tee
/tmp/2.out
results in slightly different output. Sometimes there are slight
differences in the flgs (packet ordering, I think),
but in a file of several thousand records, I'm getting 6 or so additional
records in one output file vs the other.
Confused,
---George Jones
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://pairlist1.pair.net/pipermail/argus/attachments/20100922/f30fc31d/attachment.html>
More information about the argus
mailing list