Argus 3.0.6 and dnaclusters

Carter Bullard carter at qosient.com
Thu Dec 13 10:35:35 EST 2012 

Hey Craig,
We worked this out quite a bit a few months ago, on the list, and argus-3.0.7.2
has a lot of changes to make non-selectable interfaces work better.  All tested
on Napatech interfaces.

Here is a preliminary copy of argus-3.0.7.2 that should work well, but we may
have to make an additional name change, if the dnacluster interface doesn't
respond to the ioctl's properly.

Please give this a try;  yell if it doesn't work, and send a note if it does.
If you have any problems, yell at me !!!!

Carter



On Dec 12, 2012, at 8:37 PM, Craig Merchant <cmerchant at responsys.com> wrote:

> I saw this thread about how to run Argus using PF_RING DNA/libzero:
>  
> http://comments.gmane.org/gmane.network.argus/8608
>  
> When I looked the ArgusSource.c file, it looks like the logic for detecting the devices has changed.
>  
> If I compile argus with the native files and start it with –i dnacluster:10 at 18, it doesn’t start.
>  
> I tried copying the logic for a “dag” adapter and changed it to “dna” since the physical interface shows up as dna0:
>  
>    if (strstr(device->name, "dna")) {
>       for (i = 0; i < src->ArgusInterfaces; i++) {
>          if (src->ArgusInterface[i].ArgusPd && (pcap_fileno(src->ArgusInterface[i].ArgusPd) > 0))
>             bzero ((char *)&src->ArgusInterface[i].ifr, sizeof(ifr));
>  
>          src->ArgusInterface[i].ifr.ifr_flags |= IFF_UP;
>          setArgusInterfaceStatus(src, 1);
>       }
>       return;
>    }
>  
> Argus compiled with that setting is able to start, but it runs at 100% CPU and doesn’t display any traffic.
>  
> I can do tcpdump –i dnacluster:10 at 18 and see traffic from pfdnacluster_master, so that libzero interface is available.
>  
> How can I adjust that file so Argus can use a dnacluster:X at Y interface?  It doesn’t need to put the interface into promiscuous mode or anything like that.  I’m not a developer at all…
>  
> Thx.
> 
> Craig

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://pairlist1.pair.net/pipermail/argus/attachments/20121213/19dfb5a2/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: argus-3.0.7.2.tar.gz
Type: application/x-gzip
Size: 499914 bytes
Desc: not available
URL: <https://pairlist1.pair.net/pipermail/argus/attachments/20121213/19dfb5a2/attachment.bin>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://pairlist1.pair.net/pipermail/argus/attachments/20121213/19dfb5a2/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4367 bytes
Desc: not available
URL: <https://pairlist1.pair.net/pipermail/argus/attachments/20121213/19dfb5a2/attachment-0001.bin>

More information about the argus mailing list