Proto 0 not displaying in ra
David Edelman
dedelman at iname.com
Thu Jun 20 20:49:23 EDT 2013
Jesse,
I’m not sure that your filter expression is valid. If you are looking for any of the IP related protocols then this does work on 3.0.7.10. When I use a filter of - proto 0 it does not provide any records.
racount -M proto -M addr -r * - ip
racount records total_pkts src_pkts dst_pkts total_bytes src_bytes dst_bytes
sum 2896 13853 7739 6114 4833073 1107119 3725954
Protocol Summary
icmp 95 296 296 0 40960 40960 0
igmp 354 354 354 0 22656 22656 0
tcp 1172 10855 5375 5480 3983163 443295 3539868
udp 1252 2291 1657 634 775907 589821 186086
ipv6 12 24 24 0 2064 2064 0
udp 3 4 4 0 1914 1914 0
udp 7 29 29 0 6409 6409 0
Address Summary
IPv4 Unicast src 1 dst 45
IPv4 Unicast This Network src 1 dst 1
IPv4 Unicast Private src 18 dst 8
IPv4 Unicast Reserved src 1 dst 24
IPv4 Multicast Local src 0 dst 4
IPv4 Multicast Internet src 0 dst 2
IPv4 Multicast Reserved src 0 dst 1
IPv4 Multicast SiteLocal src 0 dst 1
IPv6 LinkLocal src 10 dst 0
IPv6 Multicast Link Local src 0 dst 10
From: argus-info-bounces+dedelman=iname.com at lists.andrew.cmu.edu [mailto:argus-info-bounces+dedelman=iname.com at lists.andrew.cmu.edu] On Behalf Of Jesse Bowling
Sent: Thursday, June 20, 2013 2:53 PM
To: argus-info
Subject: [ARGUS] Proto 0 not displaying in ra
Hi,
So I started with an racount:
# racount -M proto -M addr -r 6-18-13.argus
<snip>
racount records total_pkts src_pkts dst_pkts total_bytes src_bytes dst_bytes
0 1148 6377 6377 0 2710225 2710225 0
</snip>
I found that interesting so I wanted to look at the original records:
# ra -r 6-18-13.argus - proto 0
#
I'm using 3.0.7.9, and this appears to be a bug... Let me know if I can help debug...
Cheers,
Jesse
--
Jesse Bowling