Argus 3.0.6 and dnaclusters
Craig Merchant
cmerchant at responsys.com
Wed Dec 12 20:37:40 EST 2012
I saw this thread about how to run Argus using PF_RING DNA/libzero:
http://comments.gmane.org/gmane.network.argus/8608
When I looked the ArgusSource.c file, it looks like the logic for detecting the devices has changed.
If I compile argus with the native files and start it with -i dnacluster:10 at 18, it doesn't start.
I tried copying the logic for a "dag" adapter and changed it to "dna" since the physical interface shows up as dna0:
if (strstr(device->name, "dna")) {
for (i = 0; i < src->ArgusInterfaces; i++) {
if (src->ArgusInterface[i].ArgusPd && (pcap_fileno(src->ArgusInterface[i].ArgusPd) > 0))
bzero ((char *)&src->ArgusInterface[i].ifr, sizeof(ifr));
src->ArgusInterface[i].ifr.ifr_flags |= IFF_UP;
setArgusInterfaceStatus(src, 1);
}
return;
}
Argus compiled with that setting is able to start, but it runs at 100% CPU and doesn't display any traffic.
I can do tcpdump -i dnacluster:10 at 18 and see traffic from pfdnacluster_master, so that libzero interface is available.
How can I adjust that file so Argus can use a dnacluster:X at Y interface? It doesn't need to put the interface into promiscuous mode or anything like that. I'm not a developer at all...
Thx.
Craig
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://pairlist1.pair.net/pipermail/argus/attachments/20121213/b255295d/attachment.html>
More information about the argus
mailing list