[ARGUS] Argus error in packet size and bytes

Sehan Samarakoon sehan6996 at gmail.com
Sun Jun 5 03:25:56 EDT 2022


And in all of them 'e' is not there under flags too. Is this due to some
information missing in the packets?

-Sehan

On Sun, 5 Jun 2022 at 10:22, Sehan Samarakoon <sehan6996 at gmail.com> wrote:

> Hi Carter,
>
> Finally got it to work on my Mac. Thank you for your help. The "pre
> ARGUS_DATA_DSR len is zero" issue is now sorted. However, I'm still getting
> some flows as INT and in all of them, the packet size and no of bytes
> fields are empty. Do you have any idea what could be the issue? What does
> the state 'INT' actually mean? This happens with flows that have state
> 'INT' only.
>
> -Sehan
>
> On Fri, 3 Jun 2022 at 17:00, Carter Bullard <carter at qosient.com> wrote:
>
>> Hey Sehan,
>> There are many methods for managing software on Linux machines.  By
>> downloading the source, and using ‘make install’, you are avoiding all of
>> those systems, so ‘dpkg’ won’t ‘know’ that the software is installed.
>> Working with source is a good thing for an investigator … you’re now a
>> developer rather than a user :O)
>>
>> There is a file in each of the distributions that describes these
>> concepts, like the README file and the INSTALL file.  Take a look ...
>>
>> By default, argus will install all of its code into the /usr/local
>> directories.
>>    % cd /usr/local
>>    % ls
>>
>> If your ‘make install’ was successful, you should see the bin and sbin
>> subdirectories in /usr/local.  Argus is in the sbin directory (system
>> binary) and the clients are all in the bin directory.
>> You can run programs like ‘ra’ by providing the complete path in your
>> command …
>>
>>    % /usr/local/bin/ra -r argus.file
>>
>> You may need to add /usr/local/bin and /usr/local/sbin directories to
>> your PATH variable (added to .bashrc, or .profile in your home directory).
>>
>> You can have argus change where it installs things.  If you would rather
>> argus install its software in the system /usr/sbin and /usr/bin
>> directories, try this:
>>    % make uninstall
>>           This will remove the current software
>>
>>    % ./configure --prefix=/usr
>>    % make install
>>
>> Do look at the output of the make program calls, as the information is
>> very useful and possibly instructional.
>> If you would like it to install in the /opt directory structure, then
>> change the ‘/usr’ in the above configure call to ‘/opt’.
>>
>>  Carter
>>
>>
>> On Jun 3, 2022, at 8:51 AM, Sehan Samarakoon <sehan6996 at gmail.com> wrote:
>>
>> Hi Carter,
>>
>> The installation issue is ok now. It got installed with 'make install'.
>> But argus package is not showing under dpkg list yet. And argus commands
>> are not working. It says it's not installed and asking to be installed with
>> 'apt'. Is there a specific location that I should clone it? Are there any
>> environment variables to be adjusted?
>>
>> Sehan
>>
>> On Thu, 2 Jun 2022 at 17:17, Carter Bullard <carter at qosient.com> wrote:
>>
>>> Hey Sehan,
>>> You aren’t doing anything wrong … my bad … I didn’t finish a needed
>>> change in master for the mysql code … for some reason my test machine
>>> didn’t have mysql installed …
>>> OK fetch and pull the code from GitHub again and all should be well ...
>>>
>>> Carter
>>>
>>>
>>> On Jun 1, 2022, at 9:14 AM, Sehan Samarakoon <sehan6996 at gmail.com>
>>> wrote:
>>>
>>> Hi Carter,
>>>
>>> Thanks for the reply. I'm running argus on Kali Linux and was only
>>> able to install argus through "sudo apt-get install". So I have been using
>>> the version 3.0.8.2 as shown here.
>>> <argus_ver.png>
>>> I have been trying to get the source code from github but the following
>>> message is given and argus is not installed when I give the "make" command.
>>>
>>> <Screenshot_2022-06-01_09-05-37.png>
>>> Any idea what I'm doing wrong?
>>>
>>> -Sehan
>>>
>>>
>>>
>>>
>>