argus-clients-3.0.7.4 on the server - Netflow -V9

Carter Bullard carter at qosient.com
Wed Dec 19 19:40:44 EST 2012


Hey Nikki,
Hmmmm, that should have done it.  Sure you were running the mod'd version :O)

I need the actual packets to debug.  But we may be able to generate enough debug
information to divine what is going on.

I'll put together a version that will generate a bunch of debug information, and
we'll see what that sez.  I'll send that tomorrow.

Carter

Carter Bullard
CEO/President
QoSient, LLC
150 E. 57th Street Suite 12D
New York, New York 10022

+1 212 588-9133 Phone
+1 212 588-9134 Fax



On Dec 19, 2012, at 7:12 PM, "Nichole K. Boscia" <Nichole.K.Boscia at nasa.gov> wrote:

> 
> Hi Carter!
> 
> That was super-fast, thanks! So I copied those two files into common, make cleaned, make, but I'm still not seeing any IPv6 traffic. I'd be interested to know if anyone else has tried it and has gotten it to work.
> 
> What do you need for the flow captures, just a very verbose tcpdump? I can do that and then sanitize the actual IP addresses for you. Let me know if that's good enough.
> 
> Thanks again!
> -Nikki
> 
> -------------------------------------------
> Nichole K. Boscia
> Senior Network Engineer, CSC
> NASA Advanced Supercomputing Division
> Ames Research Center, Moffett Field, CA 94035
> 
> On Wed, 19 Dec 2012, Carter Bullard wrote:
> 
>> Date: Wed, 19 Dec 2012 00:02:01 -0600
>> From: Carter Bullard <carter at qosient.com>
>> To: "Boscia, Nichole K. (ARC-TN)[Computer Sciences Corporation]"
>>    <nichole.boscia at nasa.gov>
>> Cc: "argus-info at lists.andrew.cmu.edu" <argus-info at lists.andrew.cmu.edu>
>> Subject: Re: [ARGUS] argus-clients-3.0.7.4 on the server  - Netflow -V9
>>
>> Hey Nikki,
>> I have a new version of the netflow V9 -> argus import routines for you to test.
>> (got a little excited, and I think that this may do it).  If you replace these two source
>> code files in your client distribution, you should be able to see V6 flows.
>> I still need to do the IPv6 ICMP flow conversions, so if this works, I'll make
>> the changes very quickly.
>> 
>> Move the included argus_import.c and argus_util.c files into your clients
>> ./common directory, then make.
>> 
>> There is a bit of a potential issue with little endian architectures.  We will
>> convert the network order 128 bit IPv6 address into an array of 4 32-bit
>> little endian ints.  This should be correct, but you never know, so if your
>> IPv6 addresses look weird, then we'll have to tweak that a bit.
>> 
>> Carter
>> 
>> 
> 
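
The little-endian caveat in the quoted message above, as an added example that is not part of the thread and not taken from the Argus sources: a 128-bit network-order IPv6 address is unpacked into four host-order 32-bit words, and the per-word byte reversal that makes addresses "look weird" is simulated so it shows on any host. The helper names and the sample address 2001:db8::1 are assumptions made for illustration.

```c
#include <arpa/inet.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample: 2001:db8::1 as the 16 network-order bytes of a flow record. */
static const uint8_t SAMPLE[16] = {0x20,0x01,0x0d,0xb8, 0,0,0,0, 0,0,0,0, 0,0,0,0x01};

/* Hypothetical helper: unpack wire bytes into four host-order 32-bit words. */
static void v6_wire_to_host(const uint8_t wire[16], uint32_t out[4]) {
    for (int i = 0; i < 4; i++) {
        uint32_t w;
        memcpy(&w, wire + 4 * i, sizeof w);
        out[i] = ntohl(w);                 /* no-op on big-endian hosts */
    }
}

/* Inverse: rebuild wire bytes before printing or comparing addresses. */
static void v6_host_to_wire(const uint32_t in[4], uint8_t wire[16]) {
    for (int i = 0; i < 4; i++) {
        uint32_t w = htonl(in[i]);
        memcpy(wire + 4 * i, &w, sizeof w);
    }
}

/* Simulates the failure mode on any host: each 32-bit group byte-reversed,
   which is what printing little-endian words as raw bytes produces. */
static void v6_swap_each_word(const uint8_t wire[16], uint8_t bad[16]) {
    for (int i = 0; i < 4; i++)
        for (int j = 0; j < 4; j++)
            bad[4 * i + j] = wire[4 * i + 3 - j];
}

uint32_t sample_word(int i) { uint32_t h[4]; v6_wire_to_host(SAMPLE, h); return h[i]; }

int sample_roundtrip_ok(void) {
    uint32_t h[4]; uint8_t back[16];
    v6_wire_to_host(SAMPLE, h);
    v6_host_to_wire(h, back);
    return memcmp(back, SAMPLE, 16) == 0;
}

int sample_swapped_first_byte(void) { uint8_t bad[16]; v6_swap_each_word(SAMPLE, bad); return bad[0]; }

int main(void) {
    char good[INET6_ADDRSTRLEN], wrong[INET6_ADDRSTRLEN];
    uint8_t bad[16];
    v6_swap_each_word(SAMPLE, bad);
    inet_ntop(AF_INET6, SAMPLE, good, sizeof good);
    inet_ntop(AF_INET6, bad, wrong, sizeof wrong);
    printf("correct: %s\nswapped: %s\nround trip ok: %d\n", good, wrong, sample_roundtrip_ok());
    return 0;
}
```

If imported IPv6 addresses show each 32-bit group reversed in the way the "swapped" line does, the words are being printed or compared without the conversion back to network order.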
