ranonymize time in v3.0.8.2
Gabriel L. Somlo via Argus-info
argus-info at lists.andrew.cmu.edu
Tue Sep 27 13:57:47 EDT 2016
Hi,
I tried running 'ranonymize' on a data file, using v3.0.8.2 (FWIW,
compiled from source, on an Ubuntu 14.04 box).
While both network translation (RANON_SPECIFY_NET_TRANSLATION) and
host translation (RANON_SPECIFY_HOST_TRANSLATION) appear to work as
advertised, I'm having trouble adjusting the timestamps by setting
RANON_TIME_SEC_OFFSET (to e.g. "fixed:60" to bump everything up by one
minute). Here's a screenshot of what I'm trying to do and the contents
of my anonymizer config file:
foo@bar:~$ ra -nn -r argus-collector.ra | head
StartTime Flgs Proto SrcAddr Sport Dir
14:49:33.631163 e 17 10.30.30.20.123 -> 10.
14:49:38.197072 e F 17 192.168.30.100.0 -> 192.
14:49:38.197327 e f 17 192.168.30.100.0 -> 192.
14:49:38.197827 e f 17 192.168.30.100.0 -> 192.
14:49:38.197829 M 17 192.168.30.30.39879 <-> 10
14:49:38.198071 e 17 192.168.30.10.514 -> 192.
14:49:38.199066 e 17 10.30.30.20.6057 <-> 1
14:49:38.199317 M 6 10.30.30.20.36450 <?> 192.
14:49:38.267028 M 17 192.168.30.30.33142 <-> 10
foo@bar:~$ ranonymize -f ./ranon.conf -nn -r argus-collector.ra | head
StartTime Flgs Proto SrcAddr Sport Dir
14:49:33.631163 e 17 1.0.2.1.123 ->
14:49:38.197072 e F 17 192.168.40.100.0 -> 192
14:49:38.197327 e f 17 192.168.40.100.0 -> 192
14:49:38.197827 e f 17 192.168.40.100.0 -> 192
14:49:38.197829 M 17 192.168.40.1.50938 <->
14:49:38.198071 e 17 192.168.40.2.514 -> 192
14:49:38.199066 e 17 1.0.2.1.17116 <->
14:49:38.199317 M 6 1.0.2.1.47509 <?> 192
14:49:38.267028 M 17 192.168.40.1.44201 <->
foo@bar:~$ cat ./ranon.conf
RANON_TIME_SEC_OFFSET=fixed:60
RANON_SPECIFY_NET_TRANSLATION=192.168.30.0::192.168.40.0
RANON_SPECIFY_HOST_TRANSLATION=192.168.30.100::192.168.40.100
Any chance I've messed up setting the value of RANON_TIME_SEC_OFFSET?
Any other clues and advice much appreciated!
Thanks much,
--Gabriel
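
A way to check a result like the one above mechanically, as an added example that is not part of the original post or the Argus project: it pairs rows of `ra -nn` output taken before and after anonymization and counts which fields actually changed. The sample rows are constructed from the output in the post, pairing by position assumes ranonymize preserves record order, and the function names are hypothetical.

```python
import re
from datetime import timedelta

# Constructed sample: three rows copied from the post's `ra -nn` output,
# before and after ranonymize (columns to the right of SrcAddr.Sport dropped).
BEFORE = """\
14:49:33.631163 e 17 10.30.30.20.123
14:49:38.197072 e F 17 192.168.30.100.0
14:49:38.197829 M 17 192.168.30.30.39879
"""
AFTER = """\
14:49:33.631163 e 17 1.0.2.1.123
14:49:38.197072 e F 17 192.168.40.100.0
14:49:38.197829 M 17 192.168.40.1.50938
"""

# StartTime (time of day), then the first IPv4 address followed by ".port".
ROW = re.compile(r"^(\d\d):(\d\d):(\d\d)\.(\d{6})\s.*?\s((?:\d{1,3}\.){3}\d{1,3})\.(\d+)\b")
DAY = timedelta(days=1)

def parse(text):
    """Return [(time_of_day, src_addr, src_port)]; header lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            h, mi, s, us, addr, port = m.groups()
            t = timedelta(hours=int(h), minutes=int(mi), seconds=int(s), microseconds=int(us))
            rows.append((t, addr, int(port)))
    return rows

def audit(before, after, offset_s):
    """Count, per field, how many paired rows changed and how StartTime moved."""
    b, a = parse(before), parse(after)
    if len(b) != len(a):
        raise ValueError("row counts differ; cannot pair records by position")
    want = timedelta(seconds=offset_s) % DAY
    rep = dict(rows=len(b), time_shifted=0, time_unchanged=0, time_other=0, addr_changed=0, port_changed=0)
    for (tb, ab, pb), (ta, aa, pa) in zip(b, a):
        delta = (ta - tb) % DAY  # only time of day is printed, so compare modulo 24h
        key = "time_shifted" if delta == want else "time_unchanged" if not delta else "time_other"
        rep[key] += 1
        rep["addr_changed"] += ab != aa
        rep["port_changed"] += pb != pa
    return rep

if __name__ == "__main__":
    print(audit(BEFORE, AFTER, 60))
```

On the sample rows every source address differs while no StartTime moved, which is the symptom reported in the post.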