Problems with racluster

Carter Bullard carter at qosient.com
Mon Oct 8 16:09:10 EDT 2012


Hey Rafael,
So I've been going through your part2.pcap, and it's really screwed up.
Did you capture this from normal traffic or did you fabricate the packets?
If fabricated, I'd say don't do that any more.  

If you just captured it, could you describe how it is that you came upon
this stream of packets?  Can you describe the end systems that generated
this?

Carter



On Sep 28, 2012, at 4:51 AM, Rafael Barbosa <rrbarbosa at gmail.com> wrote:

> Hi Carter,
> 
> Good news. This latest version of racluster() seems to solve all aggregation issues reported in this thread. 
> 
> Let me know about the possible bug in argus, due to the packet duplicates.
> 
> Best regards,
> Rafael Barbosa
> http://www.ewi.utwente.nl/~barbosarr/
> 
> 
> 
> On Wed, Sep 26, 2012 at 1:14 AM, Carter Bullard <carter at qosient.com> wrote:
> Hey Rafael,
> OK, so this racluster.c should fix the last set of problems.  Run this against your
> data sets to see if it's close to what you expect.
> 
> Carter
