[ARGUS] Argus error in packet size and bytes

Sehan Samarakoon sehan6996 at gmail.com
Wed Jun 1 09:14:50 EDT 2022 

Hi Carter,

Thanks for the reply. I'm running argus on a Kali linux and was only able
to install argus through "sudo apt-get install". So I have been using the
version 3.0.8.2 as shown in here.
[image: argus_ver.png]
I have been trying to get the source code from github but the following
message is given and argus is not installed when I give the "make" command.

[image: Screenshot_2022-06-01_09-05-37.png]
Any idea what I'm doing wrong?

-Sehan





On Tue, 31 May 2022 at 16:29, Carter Bullard <carter at qosient.com> wrote:

> Hey Sehan,
> There are a few questions to go through …
>
> What version are you using ?  … the current version is 3.0.8.4, be sure
> and get the latest software releases from https://github.com/openargus
> How are you running argus ?
> How are you running ra ? …
>
> in your earlier off-list emails, you sent a screenshot where the pkts and
> bytes fields had no values  … this is normally an argus / client version
> mismatch problem or you processed the .argus file and stripped the metrics
> dsr out of the records … getting the latest code should help.  The INT
> you see is the value for ’state’ field.  To see that the fields are
> blank, you can print as a CSV …
>    % ra -r loic.argus -c ,
>
> Have you processed the files with other ra* commands ???  That could
> account for the missing metrics values ...
>
> If it is a complete mystery, then if you can share the pcap file that
> generates the error, I can take a look ...
>
> Carter
>
> On May 31, 2022, at 6:43 AM, Sehan Samarakoon <sehan6996 at gmail.com> wrote:
>
> Hi,
>
> I have been using argus tool to convert a pcap into the argus file format.
> However, I'm getting an error "ArgusGenerateRecordStruct: pre
> ARGUS_DATA_DSR len is zero" when I read through the command ra. In
> addition, I'm also not getting any values for pkts and bytes fields in some
> of the flows. Instead it prints as INT.
>
> I would be really grateful to you if you can tell me if there is any way
> to overcome this / anything I'm doing wrong? I have been searching through
> internet for a very long time, only to be unsuccessful. Your response is
> highly appreciated.
>
> Thank you
> Best Regards,
> Sehan Samarakoon
>
>
> _______________________________________________
> argus mailing list
> argus at qosient.com
> https://pairlist1.pair.net/mailman/listinfo/argus
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://pairlist1.pair.net/pipermail/argus/attachments/20220601/a26cc338/attachment-0001.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Screenshot_2022-06-01_09-05-37.png
Type: image/png
Size: 231967 bytes
Desc: not available
URL: <https://pairlist1.pair.net/pipermail/argus/attachments/20220601/a26cc338/attachment-0002.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: argus_ver.png
Type: image/png
Size: 8786 bytes
Desc: not available
URL: <https://pairlist1.pair.net/pipermail/argus/attachments/20220601/a26cc338/attachment-0003.png>

More information about the argus mailing list