Argus 3.0.7.2 vs. 3.0.6.1
Jesper Skou Jensen
jesper.skou.jensen at uni-c.dk
Tue Jun 11 04:59:42 EDT 2013
Hi guys,
I'm in the process of setting up a new Argus box and decided to try out
the newest development version of Argus instead of the somewhat old
stable version. BUT... It turns out that the new Argus isn't capturing
remotely as much data as the old one, and I'm trying to figure out why
this is happening, if it's an error at my end, or it's a bug. I hope you
guys can help out.
I have captured two identical streams on one Argus running 3.0.6.1 and
another running 3.0.7.2. Then I have selected the same 1 minute segment
(with the -t option) and am now comparing those.
# racount -r argus_3.0.6.1.ra
racount   records   total_pkts   src_pkts   dst_pkts   total_bytes   src_bytes    dst_bytes
    sum    250712      3763810    2148834    1614976    2568139699   641553337   1926586362
# racount -r argus_3.0.7.2.ra
racount   records   total_pkts   src_pkts   dst_pkts   total_bytes   src_bytes    dst_bytes
    sum    109070       502597     322519     180078     385799043   190698708    195100335
If I use ragraph to draw some graphs it's very clear that the 3.0.7.2
captures around 1/6th of the traffic.
Any ideas why?
--
Regards
Jesper Skou Jensen
UNI-C