argus-3.0.7.5 and argus-clients-3.0.7.18 on the server

Carter Bullard carter at qosient.com
Tue Nov 26 08:22:35 EST 2013 

Hey Jesper,
This is why we have to test and test and test :O(
Something must have crept into the code, as other bizarreness is being reported. However, I am not seeing anything odd.  What machine type and OS are you using ???

Did you print out any records to see if all were corrupt, or only one ??

Can you send a sample argus-3.0.5 output file with the bad TCP data??  If you have a packet file that generates the corrupt data, can you share ???

Sorry, shouldn't be hard to fix.

Carter


> On Nov 26, 2013, at 7:13 AM, Jesper Skou Jensen <jesper.skou.jensen at uni-c.dk> wrote:
> 
> Now that my compiling issues are fixed, I've moved on to testing the new Argus and clients.
> 
> I'm getting some funky results with eg. racount, but ragraph is weird too I think and maybe more ra-clients that I haven't tested with. It looks like an issue with the Argus server and TCP packets.
> 
> Test with argus file written earlier today with Argus version 3.0.7.3
> :~# racount -r old.ra
> racount   records     total_pkts     src_pkts       dst_pkts total_bytes        src_bytes          dst_bytes
>    sum   4039147     58347562       36023110       22324452 38558018790        8629875276         29928143514
> 
> Test with argus file written just now with Argus version 3.0.7.5
> :~# racount -r new
> racount   records     total_pkts     src_pkts       dst_pkts total_bytes        src_bytes          dst_bytes
>    sum   4784540     228845934958855649 218118303098026684 10727631860828965 -6720755720319015608 -7008709186520164355 287953466201148747
> 
> :~# racount -r new - not tcp
> racount   records     total_pkts     src_pkts       dst_pkts total_bytes        src_bytes          dst_bytes
>    sum   2852715     23749856       19396421       4353435 4238739977         3599987646         638752331
> 
> :~# racount -r new - tcp
> racount   records     total_pkts     src_pkts       dst_pkts total_bytes        src_bytes          dst_bytes
>    sum   1931826     228845934935105793 218118303078630263 10727631856475530 -6720755724557755585 -7008709190120152001 287953465562396416
> 
> 
> Regards
> Jesper
> 
>> On 25-11-2013 18:46, Carter Bullard wrote:
>> Gentle people,
>> New software is available on the developers site.  This is a big push
>> to release, and the packages fix all bugs reported to the mailing list.
>> Argus fixes some direction issues with ARP transactions, and the clients
>> fix a number of issues with filters, radium management records, and
>> adds xz decompression for argus data files.  Many changes to manpages,
>> and there should be new scripts for updating IANA RIR data fetching,
>> to maintain the delegated ip address tables.   There is improvement in
>> GeoIP database use, with some extensions added based on changes in
>> the API.  The code is in the standard places:
>> 
>>    http://qosient.com/argus/dev/argus-latest.tar.gz
>>    http://qosient.com/argus/dev/argus-clients-latest.tar.gz
>> 
>> Please give these a run, and if there are any problems, get those
>> complaints in there, so we can release 3.0.8 by the end of the year.
>> 
>> Hope all is most excellent,
>> 
>> Carter
> 
>

More information about the argus mailing list