Argus w/ napatech libpcap

Carter Bullard carter at qosient.com
Thu Jun 21 10:43:16 EDT 2012


Hey Aleksander,
Your debug output is inconsistent with the latest argus-3.0.6.1 release code.
If you haven't recently downloaded the newest code, grab it from the server

   http://qosient.com/argus/src/argus-3.0.6.1.tar.gz

You said that vanilla tcpdump, compiled against the napatech libpcap works? 
We try to do just what tcpdump() does, just for this reason.  What version
of tcpdump are you using?

Carter



On Jun 21, 2012, at 1:32 AM, Aleksander wrote:

> Hi Carter,
> 
>   Thanks for patch and the quick response.  I am using a new card
> with the latest drivers (3GD).  I applied the patch, but it didn't
> seem to help.  I added "nap" as you directed, and also tried adding
> the full interface name as well, but no luck.  I tried renaming the
> virtual interface to "dag" just for kicks, but it didn't seem to make
> any difference.  If I use Argus compiled with the Napatech libpcap
> against a non-Napatech interface (eth0), it does capture packets.
> 
> Here's the debug output from my last failed attempt:
> argus[14758.001737125f7f0000]: 21 Jun 12 00:11:17.966058 ArgusCalloc
> (1, 3144) returning 0xcda010
> argus[14758.001737125f7f0000]: 21 Jun 12 00:11:17.966183
> ArgusNewModeler() returning 0xcda010
> argus[14758.001737125f7f0000]: 21 Jun 12 00:11:17.966202 ArgusCalloc
> (1, 4237248) returning 0x7f5f11f65010
> argus[14758.001737125f7f0000]: 21 Jun 12 00:11:17.966217
> ArgusNewSource(0xcda010) returning 0x7f5f11f65010
> argus[14758.001737125f7f0000]: 21 Jun 12 00:11:17.966232 ArgusCalloc
> (1, 312) returning 0xcdad40
> argus[14758.001737125f7f0000]: 21 Jun 12 00:11:17.966242 ArgusCalloc
> (1, 152) returning 0xcdb7b0
> argus[14758.001737125f7f0000]: 21 Jun 12 00:11:17.966250 ArgusNewQueue
> () returning 0xcdb7b0
> argus[14758.001737125f7f0000]: 21 Jun 12 00:11:17.966261 ArgusCalloc
> (1, 152) returning 0xcdb850
> argus[14758.001737125f7f0000]: 21 Jun 12 00:11:17.966269 ArgusNewList
> () returning 0xcdb850
> argus[14758.001737125f7f0000]: 21 Jun 12 00:11:17.966277 ArgusCalloc
> (1, 152) returning 0xcdb8f0
> argus[14758.001737125f7f0000]: 21 Jun 12 00:11:17.966284 ArgusNewList
> () returning 0xcdb8f0
> argus[14758.001737125f7f0000]: 21 Jun 12 00:11:17.966291
> ArgusNewOutput() returning retn 0xcdad40
> argus[14758.001737125f7f0000]: 21 Jun 12 00:11:17.966309
> setArgusMarReportInterval(60) returning
> argus[14758.001737125f7f0000]: 21 Jun 12 00:11:17.966338
> clearArgusDevice(0x7f5f11f65010) returning
> argus[14758.001737125f7f0000]: 21 Jun 12 00:11:17.966352 ArgusCalloc
> (1, 152) returning 0xcdb990
> argus[14758.001737125f7f0000]: 21 Jun 12 00:11:17.966360 ArgusNewList
> () returning 0xcdb990
> argus[14758]: NT_Init: shmem_hbseg_fifo: expected signature:
> version=17236 magic=2a0102a2 size=4644880
> argus[14758]: NT_Init: shmem_hbseg_fifo: actual signature..:
> version=17236 magic=2a0102a2 size=4644880
> argus[14758.001737125f7f0000]: 21 Jun 12 00:11:18.428706 ArgusCalloc
> (1, 64) returning 0xcdc1a0
> argus[14758.001737125f7f0000]: 21 Jun 12 00:11:18.428728
> ArgusPushFrontList (0xcdb990, 0xcdc1a0, 1) returning 0x39a6
> argus[14758.001737125f7f0000]: 21 Jun 12 00:11:18.428748
> setArgusDevice(nap2 ) returning
> argus[14758.001737125f7f0000]: 21 Jun 12 00:11:18.428763
> ArgusDeleteList ((nil), 2) returning
> argus[14758.001737125f7f0000]: 21 Jun 12 00:11:18.428773 ArgusCalloc
> (1, 152) returning 0xcdc210
> argus[14758.001737125f7f0000]: 21 Jun 12 00:11:18.428781 ArgusNewList
> () returning 0xcdc210
> argus[14758.001737125f7f0000]: 21 Jun 12 00:11:18.428789 ArgusCalloc
> (1, 24) returning 0xcdaea0
> argus[14758.001737125f7f0000]: 21 Jun 12 00:11:18.428797
> ArgusPushFrontList (0xcdc210, 0xcdaea0, 1) returning 0x39a6
> argus[14758.001737125f7f0000]: 21 Jun 12 00:11:18.428806
> setArgusInterfaceStatus(0x7f5f11f65010, 1)
> argus[14758.001737125f7f0000]: 21 Jun 12 00:11:18.429295 ArgusCalloc
> (1, 592056) returning 0xee3f90
> argus[14758.001737125f7f0000]: 21 Jun 12 00:11:18.440846 ArgusCalloc
> (1, 128) returning 0x101d270
> argus[14758.001737125f7f0000]: 21 Jun 12 00:11:18.440862
> getArgusID(0x7f5f11f65010) done
> argus[14758.001737125f7f0000]: 21 Jun 12 00:11:18.440870
> getArgusIDType(0x7f5f11f65010) done
> argus[14758.001737125f7f0000]: 21 Jun 12 00:11:18.440887
> ArgusGenerateInitialMar() returning
> argus[14758.001737125f7f0000]: 21 Jun 12 00:11:18.440896
> ArgusPopFrontList (0xcdaea0) returning
> argus[14758.001737125f7f0000]: 21 Jun 12 00:11:18.440904 ArgusCalloc
> (1, 168) returning 0x101d300
> argus[14758.001737125f7f0000]: 21 Jun 12 00:11:18.441016 ArgusCalloc
> (1, 262256) returning 0x101d3b0
> argus[14758.001737125f7f0000]: 21 Jun 12 00:11:18.441026 ArgusCalloc
> (1, 152) returning 0x105d430
> argus[14758.001737125f7f0000]: 21 Jun 12 00:11:18.441034 ArgusNewList
> () returning 0x105d430
> argus[14758.001737125f7f0000]: 21 Jun 12 00:11:18.441043
> ArgusNewSocket (8) returning 0x101d3b0
> argus[14758.001737125f7f0000]: 21 Jun 12 00:11:18.441095
> ArgusAddToQueue (0xcdb7b0, 0x101d300) returning 1
> argus[14758.001737125f7f0000]: 21 Jun 12 00:11:18.441107
> ArgusPushBackList (0xcdc210, 0xcdaea0, 1) returning 1
> argus[14758.001737125f7f0000]: 21 Jun 12 00:11:18.441116
> ArgusDeleteList (0xcdc210, 2) 1 items on list
> argus[14758.001737125f7f0000]: 21 Jun 12 00:11:18.441123
> ArgusPopFrontList (0xcdaea0) returning
> argus[14758.001737125f7f0000]: 21 Jun 12 00:11:18.441131 ArgusFree (0xcdaea0)
> argus[14758.001737125f7f0000]: 21 Jun 12 00:11:18.441144 ArgusFree (0xcdc210)
> argus[14758.001737125f7f0000]: 21 Jun 12 00:11:18.441155
> ArgusDeleteList (0xcdc210, 2) returning
> argus[14758.001737125f7f0000]: 21 Jun 12 00:11:18.441222 ArgusInitOutput() done
> argus[14758.00e7dfca5e7f0000]: 21 Jun 12 00:11:18.441243
> ArgusOutputProcess(0xcdad40) starting
> argus[14758]: 21 Jun 12 00:11:18.441253 started
> argus[14758.00e7dfca5e7f0000]: 21 Jun 12 00:11:18.441292
> ArgusOutputProcess() looping
> argus[14758.00e7dfca5e7f0000]: 21 Jun 12 00:11:18.441311
> ArgusOutputProcess() waiting for input list
> argus[14758.001737125f7f0000]: 21 Jun 12 00:11:18.441300
> ArgusPopFrontList (0xcdc1a0) returning
> argus[14758.001737125f7f0000]: 21 Jun 12 00:11:18.441365 ArgusCalloc
> (1, 4237248) returning 0x7f5ec9ff3010
> argus[14758.001737125f7f0000]: 21 Jun 12 00:11:18.441376 ArgusCalloc
> (1, 152) returning 0xcdc210
> argus[14758.001737125f7f0000]: 21 Jun 12 00:11:18.441384 ArgusNewList
> () returning 0xcdc210
> argus[14758.001737125f7f0000]: 21 Jun 12 00:11:18.441400
> ArgusCloneSource(0x7f5f11f65010) returning 0x7f5ec9ff3010
> argus[14758.001737125f7f0000]: 21 Jun 12 00:11:18.441411
> ArgusPopFrontList ((nil)) returning
> argus[14758.001737125f7f0000]: 21 Jun 12 00:11:18.441419
> clearArgusDevice(0x7f5ec9ff3010) returning
> argus[14758.001737125f7f0000]: 21 Jun 12 00:11:18.441427
> ArgusPushBackList (0xcdc210, 0xcdc1a0, 1) returning 1
> argus[14758.001737125f7f0000]: 21 Jun 12 00:11:18.445094
> ArgusPopFrontList (0xcdc1a0) returning
> argus[14758.001737125f7f0000]: 21 Jun 12 00:11:18.445143
> ArgusOpenInterface() pcap_open_live(nap2) returned 0x105d610
> argus[14758.001737125f7f0000]: 21 Jun 12 00:11:18.447355
> Arguslookup_pcap_callback(1) returning 0x4170e5
> argus[14758.001737125f7f0000]: 21 Jun 12 00:11:18.447370
> ArgusOpenInterface(0x7f5ec9ff3010, 'nap2') returning 1
> argus[14758.001737125f7f0000]: 21 Jun 12 00:11:18.447379
> ArgusPushBackList (0xcdc210, 0xcdc1a0, 1) returning 1
> argus[14758.001737125f7f0000]: 21 Jun 12 00:11:18.447433 ArgusCalloc
> (1, 3144) returning 0x105d970
> argus[14758.001737125f7f0000]: 21 Jun 12 00:11:18.447449 ArgusCalloc
> (1, 64) returning 0x105e5c0
> argus[14758.001737125f7f0000]: 21 Jun 12 00:11:18.447544 ArgusCalloc
> (65536, 8) returning 0x105e610
> argus[14758.001737125f7f0000]: 21 Jun 12 00:11:18.447554
> ArgusNewHashTable (65536) returning 0x105e5c0
> argus[14758.001737125f7f0000]: 21 Jun 12 00:11:18.447562 ArgusCalloc
> (1, 104) returning 0x10de620
> argus[14758.001737125f7f0000]: 21 Jun 12 00:11:18.447570 ArgusCalloc
> (1, 152) returning 0x10de690
> argus[14758.001737125f7f0000]: 21 Jun 12 00:11:18.447577 ArgusNewQueue
> () returning 0x10de690
> argus[14758.001737125f7f0000]: 21 Jun 12 00:11:18.447585 ArgusCalloc
> (1, 152) returning 0x10de730
> argus[14758.001737125f7f0000]: 21 Jun 12 00:11:18.447592 ArgusNewQueue
> () returning 0x10de730
> argus[14758.001737125f7f0000]: 21 Jun 12 00:11:18.447599 ArgusCalloc
> (1, 112) returning 0x10de7d0
> argus[14758.001737125f7f0000]: 21 Jun 12 00:11:18.447607 ArgusCalloc
> (1, 40) returning 0x10de850
> argus[14758.001737125f7f0000]: 21 Jun 12 00:11:18.447615 ArgusCalloc
> (1, 80) returning 0x10de880
> argus[14758.001737125f7f0000]: 21 Jun 12 00:11:18.447623 ArgusCalloc
> (1, 1096) returning 0x10de8e0
> <repeats 20 times>
> argus[14758.001737125f7f0000]: 21 Jun 12 00:11:18.447796
> ArgusInitMallocList (1048) returning
> argus[14758.001737125f7f0000]: 21 Jun 12 00:11:18.447803
> ArgusInitModeler(0x105d970) done
> argus[14758.001737125f7f0000]: 21 Jun 12 00:11:18.447811
> ArgusInitSource(0x7f5ec9ff3010) returning 1
> argus[14758.0027ffc95e7f0000]: 21 Jun 12 00:11:18.447878
> ArgusGetPackets (0x7f5ec9ff3010) starting
> argus[14758.0027ffc95e7f0000]: 21 Jun 12 00:11:18.447903
> ArgusPopFrontList (0xcdc1a0) returning
> argus[14758.0027ffc95e7f0000]: 21 Jun 12 00:11:18.447912
> ArgusPushFrontList (0xcdc210, 0xcdc1a0, 1) returning 0x39af
> argus[14758.0027ffc95e7f0000]: 21 Jun 12 00:11:18.447925
> setArgusInterfaceStatus(0x7f5ec9ff3010, 1)
> argus[14758.0027ffc95e7f0000]: 21 Jun 12 00:11:18.447934
> setArgusInterfaceStatus(0x7f5ec9ff3010, 0)
> argus[14758.0027ffc95e7f0000]: 21 Jun 12 00:11:18.447942
> ArgusGetPackets: no interfaces up: sleeping
> argus[14758.00e7dfca5e7f0000]: 21 Jun 12 00:11:18.541368
> ArgusOutputStatusTime(0xcdad40) done
> argus[14758.00e7dfca5e7f0000]: 21 Jun 12 00:11:18.541380
> ArgusOutputProcess() checking out clients
> argus[14758.00e7dfca5e7f0000]: 21 Jun 12 00:11:18.541388
> ArgusOutputProcess() done with clients
> argus[14758.00e7dfca5e7f0000]: 21 Jun 12 00:11:18.541395
> ArgusOutputProcess() looping
> argus[14758.00e7dfca5e7f0000]: 21 Jun 12 00:11:18.541402
> ArgusOutputProcess() waiting for input list
> argus[14758.0027ffc95e7f0000]: 21 Jun 12 00:11:18.598057
> ArgusOpenInterface() pcap_open_live(nap2) returned 0x7f5ec40008c0
> argus[14758.0027ffc95e7f0000]: 21 Jun 12 00:11:18.600281
> Arguslookup_pcap_callback(1) returning 0x4170e5
> argus[14758.0027ffc95e7f0000]: 21 Jun 12 00:11:18.600295
> ArgusOpenInterface(0x7f5ec9ff3010, 'nap2') returning 1
> argus[14758.0027ffc95e7f0000]: 21 Jun 12 00:11:18.600305
> ArgusUpdateTime (0x105d970) global time 1340255478.447941 update
> 1340255478.647941 returning 1
> argus[14758.0027ffc95e7f0000]: 21 Jun 12 00:11:18.600314
> ArgusPopFrontList (0xcdc1a0) returning
> argus[14758.0027ffc95e7f0000]: 21 Jun 12 00:11:18.600321
> ArgusPushFrontList (0xcdc210, 0xcdc1a0, 1) returning 0x39af
> argus[14758.0027ffc95e7f0000]: 21 Jun 12 00:11:18.600329
> setArgusInterfaceStatus(0x7f5ec9ff3010, 1)
> argus[14758.0027ffc95e7f0000]: 21 Jun 12 00:11:18.600340
> ArgusProcessQueueTimeout(0x105d970, 0x10de690) done with 0 records
> argus[14758.0027ffc95e7f0000]: 21 Jun 12 00:11:18.600349
> ArgusGetPackets: no interfaces up: sleeping
> `
> 
> 
> On Wed, Jun 20, 2012 at 8:14 AM, Carter Bullard <carter at qosient.com> wrote:
>> Hey Aleksander,
>> This debug message may be the one to pay attention to.
>>   argus[16918.0027ff2e637f0000]: 19 Jun 12 23:19:24.679550 ArgusGetPackets: no interfaces up: sleeping
>> 
>> If argus doesn't think any interfaces are up, it won't try to read any packets.
>> For DAG cards, we have to put in special code to fool it into thinking that the
>> interface is up.  We may have to do the same thing with Napatech cards.
>> 
>> Is this a new card ?
>> 
>> If you are willing to be a guinea pig, try adding this patch to ./argus/ArgusSource.c.
>> 
>> ==== //depot/argus-3.0.6/argus/argus/ArgusSource.c#2 - /Volumes/Users/carter/argus/release/argus-3.0.6/argus/argus/ArgusSource.c ====
>> ***************
>> *** 4182,4188 ****
>>     if (device == NULL)
>>        return;
>> 
>> !    if (strstr(device->name, "dag")) {
>>        for (i = 0; i < src->ArgusInterfaces; i++) {
>>           if (src->ArgusInterface[i].ArgusPd && (pcap_fileno(src->ArgusInterface[i].ArgusPd) > 0))
>>              bzero ((char *)&src->ArgusInterface[i].ifr, sizeof(ifr));
>> --- 4182,4188 ----
>>     if (device == NULL)
>>        return;
>> 
>> !    if (strstr(device->name, "dag") || strstr(device->name, "nap")) {
>>        for (i = 0; i < src->ArgusInterfaces; i++) {
>>           if (src->ArgusInterface[i].ArgusPd && (pcap_fileno(src->ArgusInterface[i].ArgusPd) > 0))
>>              bzero ((char *)&src->ArgusInterface[i].ifr, sizeof(ifr));
>> 
>> This should get you past the idle interface problem.
>> Send email if that helps, and I'll add it to the main code base.
>> 
>> Carter
>> 
>> 
>> On Jun 20, 2012, at 12:45 AM, Aleksander wrote:
>> 
>>> Over the past few days I have been working with a Napatech 1G card.
>>> For the most part I’ve been successful at getting the card to create
>>> virtual interfaces and sniff traffic with tcpdump and snort.  However,
>>> I’ve not been able to figure out why Argus is not able to process
>>> packets from the Napatech virtual interface…  Argus appears to run
>>> without crashing (non-demon mode), but I’m not able to generate any
>>> flows.  If I capture packets with tcpdump, and later read the pcap
>>> with Argus, I am able to generate flows.  Any hints or assistance you
>>> can provide would be greatly appreciated.
>>> 
>>> Environment:
>>> RHEL 6.2 x86_64
>>> Vendor modified libpcap-1.1.1
>>> Argus v3.0.6.1
>>> 
>>> Here’s how I’ve compiled argus:  $ ./configure –with-libpcap=/opt/vendordir
>>> 
>>> This debug entry seems interesting, but I’m not sure what to do next:
>>> “ArgusGetPackets: no interfaces up: sleeping
>>> 
>>> $ ./argus -D 6 -i nap2 -w /tmp/out.argus
>>> 
>>> Argus debugging output:
>>> argus[16918.00a73b77637f0000]: 19 Jun 12 23:19:24.050054 ArgusCalloc
>>> (1, 3144) returning 0x9d1010
>>> 
>>> argus[16918.00a73b77637f0000]: 19 Jun 12 23:19:24.050173
>>> ArgusNewModeler() returning 0x9d1010
>>> 
>>> argus[16918.00a73b77637f0000]: 19 Jun 12 23:19:24.050191 ArgusCalloc
>>> (1, 4237248) returning 0x7f6376fae010
>>> 
>>> argus[16918.00a73b77637f0000]: 19 Jun 12 23:19:24.050204
>>> ArgusNewSource(0x9d1010) returning 0x7f6376fae010
>>> 
>>> argus[16918.00a73b77637f0000]: 19 Jun 12 23:19:24.050217 ArgusCalloc
>>> (1, 312) returning 0x9d1d40
>>> 
>>> argus[16918.00a73b77637f0000]: 19 Jun 12 23:19:24.050229 ArgusCalloc
>>> (1, 152) returning 0x9d27b0
>>> 
>>> argus[16918.00a73b77637f0000]: 19 Jun 12 23:19:24.050237 ArgusNewQueue
>>> () returning 0x9d27b0
>>> 
>>> argus[16918.00a73b77637f0000]: 19 Jun 12 23:19:24.050247 ArgusCalloc
>>> (1, 152) returning 0x9d2850
>>> 
>>> argus[16918.00a73b77637f0000]: 19 Jun 12 23:19:24.050255 ArgusNewList
>>> () returning 0x9d2850
>>> 
>>> argus[16918.00a73b77637f0000]: 19 Jun 12 23:19:24.050263 ArgusCalloc
>>> (1, 152) returning 0x9d28f0
>>> 
>>> argus[16918.00a73b77637f0000]: 19 Jun 12 23:19:24.050270 ArgusNewList
>>> () returning 0x9d28f0
>>> 
>>> argus[16918.00a73b77637f0000]: 19 Jun 12 23:19:24.050277
>>> ArgusNewOutput() returning retn 0x9d1d40
>>> 
>>> argus[16918.00a73b77637f0000]: 19 Jun 12 23:19:24.050294
>>> setArgusMarReportInterval(60) returning
>>> 
>>> argus[16918.00a73b77637f0000]: 19 Jun 12 23:19:24.050326
>>> clearArgusDevice(0x7f6376fae010) returning
>>> 
>>> argus[16918.00a73b77637f0000]: 19 Jun 12 23:19:24.050341 ArgusCalloc
>>> (1, 152) returning 0x9d2990
>>> 
>>> argus[16918.00a73b77637f0000]: 19 Jun 12 23:19:24.050349 ArgusNewList
>>> () returning 0x9d2990
>>> 
>>> argus[16918]: NT_Init: shmem_hbseg_fifo: expected signature:
>>> version=17236 magic=2a0102a2 size=4644880
>>> 
>>> argus[16918]: NT_Init: shmem_hbseg_fifo: actual signature..:
>>> version=17236 magic=2a0102a2 size=4644880
>>> 
>>> argus[16918.00a73b77637f0000]: 19 Jun 12 23:19:24.508215 ArgusCalloc
>>> (1, 64) returning 0x9d31a0
>>> 
>>> argus[16918.00a73b77637f0000]: 19 Jun 12 23:19:24.508239
>>> ArgusPushFrontList (0x9d2990, 0x9d31a0, 1) returning 0x4216
>>> 
>>> argus[16918.00a73b77637f0000]: 19 Jun 12 23:19:24.508258
>>> setArgusDevice(nap2 ) returning
>>> 
>>> argus[16918.00a73b77637f0000]: 19 Jun 12 23:19:24.508272
>>> ArgusDeleteList ((nil), 2) returning
>>> 
>>> argus[16918.00a73b77637f0000]: 19 Jun 12 23:19:24.508282 ArgusCalloc
>>> (1, 152) returning 0x9d3210
>>> 
>>> argus[16918.00a73b77637f0000]: 19 Jun 12 23:19:24.508290 ArgusNewList
>>> () returning 0x9d3210
>>> 
>>> argus[16918.00a73b77637f0000]: 19 Jun 12 23:19:24.508298 ArgusCalloc
>>> (1, 24) returning 0x9d1ea0
>>> 
>>> argus[16918.00a73b77637f0000]: 19 Jun 12 23:19:24.508306
>>> ArgusPushFrontList (0x9d3210, 0x9d1ea0, 1) returning 0x4216
>>> 
>>> argus[16918.00a73b77637f0000]: 19 Jun 12 23:19:24.508315
>>> setArgusInterfaceStatus(0x7f6376fae010, 1)
>>> 
>>> argus[16918.00a73b77637f0000]: 19 Jun 12 23:19:24.508792 ArgusCalloc
>>> (1, 592056) returning 0xbdaf90
>>> 
>>> argus[16918.00a73b77637f0000]: 19 Jun 12 23:19:24.520375 ArgusCalloc
>>> (1, 128) returning 0xd14270
>>> 
>>> argus[16918.00a73b77637f0000]: 19 Jun 12 23:19:24.520405
>>> ArgusGenerateInitialMar() returning
>>> 
>>> argus[16918.00a73b77637f0000]: 19 Jun 12 23:19:24.520415 ArgusCalloc
>>> (1, 168) returning 0xd14300
>>> 
>>> argus[16918.00a73b77637f0000]: 19 Jun 12 23:19:24.520529 ArgusCalloc
>>> (1, 262256) returning 0xd143b0
>>> 
>>> argus[16918.00a73b77637f0000]: 19 Jun 12 23:19:24.520539 ArgusCalloc
>>> (1, 152) returning 0xd54430
>>> 
>>> argus[16918.00a73b77637f0000]: 19 Jun 12 23:19:24.520547 ArgusNewList
>>> () returning 0xd54430
>>> 
>>> argus[16918.00a73b77637f0000]: 19 Jun 12 23:19:24.520556
>>> ArgusNewSocket (8) returning 0xd143b0
>>> 
>>> argus[16918.00a73b77637f0000]: 19 Jun 12 23:19:24.520596
>>> ArgusPushBackList (0x9d3210, 0x9d1ea0, 1) returning 1
>>> 
>>> argus[16918.00a73b77637f0000]: 19 Jun 12 23:19:24.520606
>>> ArgusDeleteList (0x9d3210, 2) 1 items on list
>>> 
>>> argus[16918.00a73b77637f0000]: 19 Jun 12 23:19:24.520614 ArgusFree (0x9d1ea0)
>>> 
>>> argus[16918.00a73b77637f0000]: 19 Jun 12 23:19:24.520627 ArgusFree (0x9d3210)
>>> 
>>> argus[16918.00a73b77637f0000]: 19 Jun 12 23:19:24.520635
>>> ArgusDeleteList (0x9d3210, 2) returning
>>> 
>>> argus[16918.00a73b77637f0000]: 19 Jun 12 23:19:24.520705 ArgusInitOutput() done
>>> 
>>> argus[16918.00e7df2f637f0000]: 19 Jun 12 23:19:24.520728
>>> ArgusOutputProcess(0x9d1d40) starting
>>> 
>>> argus[16918]: .520733 started
>>> 
>>> argus[16918.00e7df2f637f0000]: 19 Jun 12 23:19:24.520763
>>> ArgusOutputProcess() looping
>>> 
>>> argus[16918.00e7df2f637f0000]: 19 Jun 12 23:19:24.520774
>>> ArgusOutputProcess() waiting for input list
>>> 
>>> argus[16918.00a73b77637f0000]: 19 Jun 12 23:19:24.520788 ArgusCalloc
>>> (1, 4237248) returning 0x7f632eff3010
>>> 
>>> argus[16918.00a73b77637f0000]: 19 Jun 12 23:19:24.520801 ArgusCalloc
>>> (1, 152) returning 0x9d3210
>>> 
>>> argus[16918.00a73b77637f0000]: 19 Jun 12 23:19:24.520809 ArgusNewList
>>> () returning 0x9d3210
>>> 
>>> argus[16918.00a73b77637f0000]: 19 Jun 12 23:19:24.520829
>>> ArgusCloneSource(0x7f6376fae010) returning 0x7f632eff3010
>>> 
>>> argus[16918.00a73b77637f0000]: 19 Jun 12 23:19:24.520838
>>> clearArgusDevice(0x7f632eff3010) returning
>>> 
>>> argus[16918.00a73b77637f0000]: 19 Jun 12 23:19:24.520846
>>> ArgusPushBackList (0x9d3210, 0x9d31a0, 1) returning 1
>>> 
>>> argus[16918.00a73b77637f0000]: 19 Jun 12 23:19:24.524599
>>> ArgusOpenInterface() pcap_open_live(nap2) returned 0xd54610
>>> 
>>> argus[16918.00a73b77637f0000]: 19 Jun 12 23:19:24.526650
>>> Arguslookup_pcap_callback(1) returning 0x4170e5
>>> 
>>> argus[16918.00a73b77637f0000]: 19 Jun 12 23:19:24.526661
>>> ArgusOpenInterface(0x7f632eff3010, 'nap2') returning 1
>>> 
>>> argus[16918.00a73b77637f0000]: 19 Jun 12 23:19:24.526670
>>> ArgusPushBackList (0x9d3210, 0x9d31a0, 1) returning 1
>>> 
>>> argus[16918.00a73b77637f0000]: 19 Jun 12 23:19:24.526728 ArgusCalloc
>>> (1, 3144) returning 0xd54970
>>> 
>>> argus[16918.00a73b77637f0000]: 19 Jun 12 23:19:24.526744 ArgusCalloc
>>> (1, 64) returning 0xd555c0
>>> 
>>> argus[16918.00a73b77637f0000]: 19 Jun 12 23:19:24.526858 ArgusCalloc
>>> (65536, 8) returning 0xd55610
>>> 
>>> argus[16918.00a73b77637f0000]: 19 Jun 12 23:19:24.526867
>>> ArgusNewHashTable (65536) returning 0xd555c0
>>> 
>>> argus[16918.00a73b77637f0000]: 19 Jun 12 23:19:24.526875 ArgusCalloc
>>> (1, 104) returning 0xdd5620
>>> 
>>> argus[16918.00a73b77637f0000]: 19 Jun 12 23:19:24.526883 ArgusCalloc
>>> (1, 152) returning 0xdd5690
>>> 
>>> argus[16918.00a73b77637f0000]: 19 Jun 12 23:19:24.526890 ArgusNewQueue
>>> () returning 0xdd5690
>>> 
>>> argus[16918.00a73b77637f0000]: 19 Jun 12 23:19:24.526897 ArgusCalloc
>>> (1, 152) returning 0xdd5730
>>> 
>>> argus[16918.00a73b77637f0000]: 19 Jun 12 23:19:24.526905 ArgusNewQueue
>>> () returning 0xdd5730
>>> 
>>> argus[16918.00a73b77637f0000]: 19 Jun 12 23:19:24.526912 ArgusCalloc
>>> (1, 112) returning 0xdd57d0
>>> 
>>> argus[16918.00a73b77637f0000]: 19 Jun 12 23:19:24.526920 ArgusCalloc
>>> (1, 40) returning 0xdd5850
>>> 
>>> argus[16918.00a73b77637f0000]: 19 Jun 12 23:19:24.526928 ArgusCalloc
>>> (1, 80) returning 0xdd5880
>>> 
>>> argus[16918.00a73b77637f0000]: 19 Jun 12 23:19:24.526936 ArgusCalloc
>>> (1, 1096) returning 0xdd58e0
>>> 
>>> <repeats 8 times>
>>> 
>>> argus[16918.00a73b77637f0000]: 19 Jun 12 23:19:24.527017 ArgusCalloc
>>> (1, 1096) returning 0xdd7fb0
>>> 
>>> argus[16918.00a73b77637f0000]: 19 Jun 12 23:19:24.527026 ArgusCalloc
>>> (1, 1096) returning 0xdd8400
>>> 
>>> argus[16918.00a73b77637f0000]: 19 Jun 12 23:19:24.527033 ArgusCalloc
>>> (1, 1096) returning 0xdd8850
>>> 
>>> argus[16918.00a73b77637f0000]: 19 Jun 12 23:19:24.527044 ArgusCalloc
>>> (1, 1096) returning 0xdd8ca0
>>> 
>>> argus[16918.00a73b77637f0000]: 19 Jun 12 23:19:24.527053 ArgusCalloc
>>> (1, 1096) returning 0xdd90f0
>>> 
>>> argus[16918.00a73b77637f0000]: 19 Jun 12 23:19:24.527061 ArgusCalloc
>>> (1, 1096) returning 0xdd9540
>>> 
>>> <repeats 5 times>
>>> 
>>> argus[16918.00a73b77637f0000]: 19 Jun 12 23:19:24.527109 ArgusCalloc
>>> (1, 1096) returning 0xddaad0
>>> 
>>> argus[16918.00a73b77637f0000]: 19 Jun 12 23:19:24.527117
>>> ArgusInitMallocList (1048) returning
>>> 
>>> argus[16918.00a73b77637f0000]: 19 Jun 12 23:19:24.527124
>>> ArgusInitModeler(0xd54970) done
>>> 
>>> argus[16918.00a73b77637f0000]: 19 Jun 12 23:19:24.527132
>>> ArgusInitSource(0x7f632eff3010) returning 1
>>> 
>>> argus[16918.0027ff2e637f0000]: 19 Jun 12 23:19:24.527192
>>> ArgusGetPackets (0x7f632eff3010) starting
>>> 
>>> argus[16918.0027ff2e637f0000]: 19 Jun 12 23:19:24.527214
>>> ArgusPushFrontList (0x9d3210, 0x9d31a0, 1) returning 0x421f
>>> 
>>> argus[16918.0027ff2e637f0000]: 19 Jun 12 23:19:24.527251
>>> setArgusInterfaceStatus(0x7f632eff3010, 0)
>>> 
>>> argus[16918.0027ff2e637f0000]: 19 Jun 12 23:19:24.527263
>>> ArgusGetPackets: no interfaces up: sleeping
>>> 
>>> argus[16918.00e7df2f637f0000]: 19 Jun 12 23:19:24.620843
>>> ArgusOutputProcess() checking out clients
>>> 
>>> argus[16918.00e7df2f637f0000]: 19 Jun 12 23:19:24.620855
>>> ArgusOutputProcess() done with clients
>>> 
>>> argus[16918.00e7df2f637f0000]: 19 Jun 12 23:19:24.620863
>>> ArgusOutputProcess() looping
>>> 
>>> argus[16918.00e7df2f637f0000]: 19 Jun 12 23:19:24.620870
>>> ArgusOutputProcess() waiting for input list
>>> 
>>> argus[16918.0027ff2e637f0000]: 19 Jun 12 23:19:24.677372
>>> ArgusOpenInterface() pcap_open_live(nap2) returned 0x7f63280008c0
>>> 
>>> argus[16918.0027ff2e637f0000]: 19 Jun 12 23:19:24.679516
>>> Arguslookup_pcap_callback(1) returning 0x4170e5
>>> 
>>> argus[16918.0027ff2e637f0000]: 19 Jun 12 23:19:24.679528
>>> ArgusOpenInterface(0x7f632eff3010, 'nap2') returning 1
>>> 
>>> argus[16918.0027ff2e637f0000]: 19 Jun 12 23:19:24.679538
>>> ArgusPushFrontList (0x9d3210, 0x9d31a0, 1) returning 0x421f
>>> 
>>> argus[16918.0027ff2e637f0000]: 19 Jun 12 23:19:24.679550
>>> ArgusGetPackets: no interfaces up: sleeping
>>> 
>>> argus[16918.00e7df2f637f0000]: 19 Jun 12 23:19:24.720932
>>> ArgusOutputProcess() checking out clients
>>> 
>>> argus[16918.00e7df2f637f0000]: 19 Jun 12 23:19:24.720942
>>> ArgusOutputProcess() done with clients
>>> 
>>> argus[16918.00e7df2f637f0000]: 19 Jun 12 23:19:24.720950
>>> ArgusOutputProcess() looping
>>> 
>>> <snip>
>> 

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4367 bytes
Desc: not available
URL: <https://pairlist1.pair.net/pipermail/argus/attachments/20120621/0907133b/attachment.bin>


More information about the argus mailing list