Argus 3.0.6 and dnaclusters

Carter Bullard carter at qosient.com
Thu Dec 13 19:35:49 EST 2012 

Well at least it thinks its selectable ;O)
How bout pumping up the -D to 10 or 12?
Carter


On Dec 13, 2012, at 7:17 PM, Chris Wakelin <c.d.wakelin at reading.ac.uk> wrote:

> Here goes :)
> 
>> argus-3.0.7.2-cdw[14851.0007fff8e37f0000]: 14 Dec 12 00:14:48.169756 ArgusNewModeler() returning 0x96d010
>> argus-3.0.7.2-cdw[14851.0007fff8e37f0000]: 14 Dec 12 00:14:48.169941 ArgusNewSource(0x96d010) returning 0x7fe3f76f5010
>> argus-3.0.7.2-cdw[14851.0007fff8e37f0000]: 14 Dec 12 00:14:48.169958 ArgusNewOutput() returning retn 0x96dd00
>> argus-3.0.7.2-cdw[14851.0007fff8e37f0000]: 14 Dec 12 00:14:48.171094 setArgusID(0x7fe3f76f5010, 0x7fff9bee08fc, 0x1) done
>> argus-3.0.7.2-cdw[14851.0007fff8e37f0000]: 14 Dec 12 00:14:48.171151 setArgusPortNum(561) returning
>> argus-3.0.7.2-cdw[14851.0007fff8e37f0000]: 14 Dec 12 00:14:48.171172 ArgusParseResourceFile: ArgusBindAddr "(null)" 
>> argus-3.0.7.2-cdw[14851.0007fff8e37f0000]: 14 Dec 12 00:14:48.171196 clearArgusDevice(0x7fe3f76f5010) returning
>> argus-3.0.7.2-cdw[14851.0007fff8e37f0000]: 14 Dec 12 00:14:48.171210 setArgusDevice(dnacl:1 at 12) returning
>> argus-3.0.7.2-cdw[14851.0007fff8e37f0000]: 14 Dec 12 00:14:48.171741 setArgusInterfaceStatus(0x7fe3f76f5010, 1)
>> argus-3.0.7.2-cdw[14851.0007fff8e37f0000]: 14 Dec 12 00:14:48.172926 ArgusEstablishListen(0x96dd00, 0x7fff9bee2960) binding: ::1:561 family: 10
>> argus-3.0.7.2-cdw[14851.0007fff8e37f0000]: 14 Dec 12 00:14:48.172990 ArgusEstablishListen(0x96dd00, 0x7fff9bee2960) binding: 127.0.0.1:561 family: 2
>> argus-3.0.7.2-cdw[14851.0007fff8e37f0000]: 14 Dec 12 00:14:48.173010 ArgusEstablishListen(0x96dd00, 0x7fff9bee2960) returning 4
>> argus-3.0.7.2-cdw[14851.0007fff8e37f0000]: 14 Dec 12 00:14:48.173060 ArgusNewSocket (5) returning 0x7fe3f8f1d010
>> argus-3.0.7.2-cdw[14851.0007fff8e37f0000]: 14 Dec 12 00:14:48.173167 ArgusInitOutput() done
>> argus-3.0.7.2-cdw[14851]: 14 Dec 12 00:14:48.173200 started
>> argus-3.0.7.2-cdw[14851.0017abf6e37f0000]: 14 Dec 12 00:14:48.173198 ArgusOutputProcess(0x96dd00) starting
>> argus-3.0.7.2-cdw[14851.0007fff8e37f0000]: 14 Dec 12 00:14:48.173281 ArgusCloneSource(0x7fe3f76f5010) returning 0x7fe3f5ea6010
>> argus-3.0.7.2-cdw[14851.0007fff8e37f0000]: 14 Dec 12 00:14:48.173298 clearArgusDevice(0x7fe3f5ea6010) returning
>> argus-3.0.7.2-cdw[14851.0007fff8e37f0000]: 14 Dec 12 00:14:48.200604 ArgusOpenInterface() pcap_open_live(dnacl:1 at 12) returned 0x97d7f0
>> argus-3.0.7.2-cdw[14851.0007fff8e37f0000]: 14 Dec 12 00:14:48.200657 Arguslookup_pcap_callback(1) returning 0x413a50
>> argus-3.0.7.2-cdw[14851.0007fff8e37f0000]: 14 Dec 12 00:14:48.200668 ArgusOpenInterface(0x7fe3f5ea6010, 'dnacl:1 at 12') returning 1
>> argus-3.0.7.2-cdw[14851.0007fff8e37f0000]: 14 Dec 12 00:14:48.200888 ArgusInitModeler(0x99b1b0) done
>> argus-3.0.7.2-cdw[14851.0007fff8e37f0000]: 14 Dec 12 00:14:48.200898 ArgusInitSource(0x7fe3f5ea6010) returning 1
>> argus-3.0.7.2-cdw[14851.00273ee2e37f0000]: 14 Dec 12 00:14:48.201035 ArgusGetPackets (0x7fe3f5ea6010) starting
>> argus-3.0.7.2-cdw[14851.00273ee2e37f0000]: 14 Dec 12 00:14:48.201079 setArgusInterfaceStatus(0x7fe3f5ea6010, 1)
>> argus-3.0.7.2-cdw[14851.00273ee2e37f0000]: 14 Dec 12 00:14:48.201093 ArgusGetPackets: interface  is selectable
>> argus-3.0.7.2-cdw[14851.00273ee2e37f0000]: 14 Dec 12 00:14:48.201105 setArgusInterfaceStatus(0x7fe3f5ea6010, 1)
> 
> Best Wishes,
> Chris
> 
> On 14/12/12 00:05, Carter Bullard wrote:
>> Hey Chris,
>> If its not there, I would say there is a problem.  If you run it with "-D 3" for a few packets,
>> where is it saying that it is ?  ArgusGetPackets ?
>> 
>> Carter
>> 
>> 
>> On Dec 13, 2012, at 7:01 PM, Chris Wakelin <c.d.wakelin at reading.ac.uk> wrote:
>> 
>>> That doesn't seem to make any difference, even with no traffic, or if I
>>> make it 5 millseconds. Perhaps it doesn't get to that point in the code?
>>> 
>>> Best Wishes,
>>> Chris
>>> 
>>> On 13/12/12 23:51, Carter Bullard wrote:
>>>> Hmmmm,
>>>> Well on line 3907 in ArgusSource.c, we come out of a series
>>>> of select() calls, and various workarounds, for various bugs, 
>>>> and if we don't have any packets, we set the global time and
>>>> continue.  We could put a nanosleep() there, to give up the
>>>> run queue for a little while.  I'd put it right before the getimeofday()
>>>> call on line 3908.  Maybe sleep for 50 uSeconds?
>>>> 
>>>> Try this patch:
>>>> 
>>>> ==== //depot/argus/argus/argus/ArgusSource.c#104 - /Volumes/Users/carter/argus/argus/argus/ArgusSource.c ====
>>>> 3907a3908,3910
>>>>>                                struct timespec tsbuf = {0, 50000}, *ts = &tsbuf;
>>>>>                                nanosleep(ts, NULL);
>>>>> 
>>>> 
>>>> To see if that doesn't do something?
>>>> 
>>>> Carter 
> 
> -- 
> --+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+-
> Christopher Wakelin,                           c.d.wakelin at reading.ac.uk
> IT Services Centre, The University of Reading,  Tel: +44 (0)118 378 8439
> Whiteknights, Reading, RG6 2AF, UK              Fax: +44 (0)118 975 3094
> 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://pairlist1.pair.net/pipermail/argus/attachments/20121213/adab97e3/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4367 bytes
Desc: not available
URL: <https://pairlist1.pair.net/pipermail/argus/attachments/20121213/adab97e3/attachment.bin>

More information about the argus mailing list