argus-clients-3.0.7.1 with full netflow v.9 support

Carter Bullard carter at qosient.com
Fri Aug 24 09:26:57 EDT 2012


Hey Torbjorn,
Great and thanks for giving the code a run !!!!
Any chance I can get a packet capture of the netflow traffic ra* is trying to read ?
May only need a few packets, but something so I can debug the problem ?

Thanks again !!!!!

Carter



On Aug 23, 2012, at 8:07 AM, Torbjorn.Wictorin at its.uu.se wrote:

> hello
> 
> ra fails after about 5-10 records when listening on netflow:
> 
> 01:00:00.000000 N            udp      2.1.1.1.34451 1.2.9.5.route
> 01:00:00.000000 N            udp      1.2.1.1.52659 1.2.9.1.route
> 04:54:52.000000 N            udp      2.3.9.0.15366 1.2.9.1.route
> 01:00:00.000000 N            udp      3.2.1.1.38558 1.2.9.1.route
> 23:10:28.000000 N            udp      9.2.1.3.28598 1.2.9.1.route
> *** glibc detected *** ra: free(): invalid next size (normal): 
> 0x0000000000b62cd0 ***
> ======= Backtrace: =========
> /lib/libc.so.6[0x7f833e5559a8]
> /lib/libc.so.6(cfree+0x76)[0x7f833e557ab6]
> ra[0x43cdad]
> ra[0x48914e]
> ra[0x4893f8]
> ra[0x48b97a]
> ra[0x457393]
> ra[0x40618f]
> /lib/libc.so.6(__libc_start_main+0xe6)[0x7f833e5001a6]
> ra[0x403ba9]
> ======= Memory map: ========
> 00400000-004ba000 r-xp 00000000 08:01 8110634                            
> /usr/local/src/argus/argus-clients-3.0.7.1/bin/ra
> 006ba000-006c9000 rw-p 000ba000 08:01 8110634                            
> /usr/local/src/argus/argus-clients-3.0.7.1/bin/ra
> 006c9000-00b9c000 rw-p 00000000 00:00 0                                  
> ...
> 
> Note that the time stamps in the records produced are abnormal.
> Linux/amd64. IP:s above falsified.
> 
> Torbjörn Wictorin, Uppsala univ.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://pairlist1.pair.net/pipermail/argus/attachments/20120824/c009c1e0/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4367 bytes
Desc: not available
URL: <https://pairlist1.pair.net/pipermail/argus/attachments/20120824/c009c1e0/attachment.bin>


More information about the argus mailing list