argus-3.0.7.5 and argus-clients-3.0.7.18 on the server

Jesper Skou Jensen jesper.skou.jensen at uni-c.dk
Tue Nov 26 07:13:54 EST 2013 

Now that my compiling issues are fixed, I've moved on to testing the new 
Argus and clients.

I'm getting some funky results with eg. racount, but ragraph is weird 
too I think and maybe more ra-clients that I haven't tested with. It 
looks like an issue with the Argus server and TCP packets.

Test with argus file written earlier today with Argus version 3.0.7.3
:~# racount -r old.ra
racount   records     total_pkts     src_pkts       dst_pkts 
total_bytes        src_bytes          dst_bytes
     sum   4039147     58347562       36023110       22324452 
38558018790        8629875276         29928143514

Test with argus file written just now with Argus version 3.0.7.5
:~# racount -r new
racount   records     total_pkts     src_pkts       dst_pkts 
total_bytes        src_bytes          dst_bytes
     sum   4784540     228845934958855649 218118303098026684 
10727631860828965 -6720755720319015608 -7008709186520164355 
287953466201148747

:~# racount -r new - not tcp
racount   records     total_pkts     src_pkts       dst_pkts 
total_bytes        src_bytes          dst_bytes
     sum   2852715     23749856       19396421       4353435 
4238739977         3599987646         638752331

:~# racount -r new - tcp
racount   records     total_pkts     src_pkts       dst_pkts 
total_bytes        src_bytes          dst_bytes
     sum   1931826     228845934935105793 218118303078630263 
10727631856475530 -6720755724557755585 -7008709190120152001 
287953465562396416


Regards
Jesper

On 25-11-2013 18:46, Carter Bullard wrote:
> Gentle people,
> New software is available on the developers site.  This is a big push
> to release, and the packages fix all bugs reported to the mailing list.
> Argus fixes some direction issues with ARP transactions, and the clients
> fix a number of issues with filters, radium management records, and
> adds xz decompression for argus data files.  Many changes to manpages,
> and there should be new scripts for updating IANA RIR data fetching,
> to maintain the delegated ip address tables.   There is improvement in
> GeoIP database use, with some extensions added based on changes in
> the API.  The code is in the standard places:
>
>     http://qosient.com/argus/dev/argus-latest.tar.gz
>     http://qosient.com/argus/dev/argus-clients-latest.tar.gz
>
> Please give these a run, and if there are any problems, get those
> complaints in there, so we can release 3.0.8 by the end of the year.
>
> Hope all is most excellent,
>
> Carter
>
>
>
>
>

More information about the argus mailing list