argus-clients-3.0.7.4 on the server - Netflow -V9
Nichole K. Boscia
Nichole.K.Boscia at nasa.gov
Wed Dec 19 19:12:54 EST 2012
Hi Carter!
That was super-fast, thanks! So I copied those two files into common, make
cleaned, make, but I'm still not seeing any IPv6 traffic. I'd be interested to
know if anyone else has tried it and has gotten it to work.
What do you need for the flow captures, just a very verbose tcpdump? I can do
that and then sanitize the actual IP addresses for you. Let me know if that's
good enough.
Thanks again!
-Nikki
-------------------------------------------
Nichole K. Boscia
Senior Network Engineer, CSC
NASA Advanced Supercomputing Division
Ames Research Center, Moffett Field, CA 94035
On Wed, 19 Dec 2012, Carter Bullard wrote:
> Date: Wed, 19 Dec 2012 00:02:01 -0600
> From: Carter Bullard <carter at qosient.com>
> To: "Boscia, Nichole K. (ARC-TN)[Computer Sciences Corporation]"
> <nichole.boscia at nasa.gov>
> Cc: "argus-info at lists.andrew.cmu.edu" <argus-info at lists.andrew.cmu.edu>
> Subject: Re: [ARGUS] argus-clients-3.0.7.4 on the server - Netflow -V9
>
> Hey Nikki,
> I have a new version of the netflow V9 -> argus import routines for you to test.
> (got a little excited, and I think that this may do it). If you replace these two source
> code files in your client distribution, you should be able to see V6 flows.
> I still need to do the IPv6 ICMP flow conversions, so if this works, I'll make
> the changes very quickly.
>
> Move the included argus_import.c and argus_util.c files into your clients
> ./common directory, then make.
>
> There is a bit of a potential issue with little endian architectures. We will
> convert the network order 128 bit IPv6 address into an array of 4 32-bit
> little endian ints. This should be correct, but you never know, so if your
> IPv6 addresses look weird, then we'll have to tweak that a bit.
>
> Carter
>
>
More information about the argus
mailing list