[ARGUS] the packet and byte count are unreasonably high
Ming Fu via Argus-info
argus-info at lists.andrew.cmu.edu
Fri Nov 1 14:58:34 EDT 2024
Hi,
Does anyone have a similar problem? This happens to us from time to time. The readout from the archive has packet and byte counters that are impossibly high.
We are running argus from the 5.0.0 branch. This also happened with the 3.x argus before we upgraded to v5. I was hoping the upgrade to v5 would solve this problem, but it still happens.
ra -L -1 -c' ' -n -s dbytes,stime,ltime,saddr,daddr,proto,spkts,dpkts,sport,dport,sbytes -r archive | sort -n
....
Skip the lower counts
...
3999669780 10/11.22:14:36.569519 10/11.22:15:05.029679 10.61.6.12 10.49.40.72 tcp 377597 2789170 62275 445 23006913
4185639434 10/11.22:12:16.415003 10/11.22:12:44.906949 10.61.6.12 10.49.40.72 tcp 182047 2918859 62268 445 11087544
14753212661760 10/11.22:16:52.131629 10/11.22:17:22.201542 10.61.6.12 10.49.40.72 tcp 845322578559266 17187209216 62277 445 3460172017553113607
2305843022098595842 10/11.22:18:22.302991 10/11.22:18:52.361259 10.61.6.12 10.49.40.72 tcp 4629700418014806016 5188147880946339125 62277 445 1077936128
2305843022098595842 10/11.22:18:52.361328 10/11.22:19:22.380591 10.61.6.12 10.49.40.72 tcp 4899986764475894443 5188147880946341913 62277 445 4953075936113354752
4706261611810128643 10/11.22:15:52.069615 10/11.22:16:22.104070 10.61.6.12 10.49.40.72 tcp 3458764519289913606 4665729215040269099 62277 445 13950255104
7514215852137765761 10/11.22:17:52.215696 10/11.22:18:22.302887 10.61.6.12 10.49.40.72 tcp 0 926742273327104 62277 445 1728685102
Regards,
Ming
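
Added example, not part of the original post and not Argus project code: a Python sanity check over the ra output format used above, flagging records whose counters are inconsistent with the record duration or with their own packet counts. The function names, LINK_BPS and MAX_PKT_BYTES are assumptions to adjust for the monitored network; the sample rows are copied from the listing in the post.

```python
from datetime import datetime

# Column order of: ra -c' ' -s dbytes,stime,ltime,saddr,daddr,proto,spkts,dpkts,sport,dport,sbytes
FIELDS = ("dbytes", "stime", "ltime", "saddr", "daddr", "proto",
          "spkts", "dpkts", "sport", "dport", "sbytes")
LINK_BPS = 100e9        # assumption: fastest monitored link, in bits per second
MAX_PKT_BYTES = 65549   # assumption: 64 KiB IP datagram plus Ethernet header
# Rows copied from the listing in the post above.
SAMPLE = [
    "3999669780 10/11.22:14:36.569519 10/11.22:15:05.029679 10.61.6.12 10.49.40.72 tcp 377597 2789170 62275 445 23006913",
    "14753212661760 10/11.22:16:52.131629 10/11.22:17:22.201542 10.61.6.12 10.49.40.72 tcp 845322578559266 17187209216 62277 445 3460172017553113607",
    "7514215852137765761 10/11.22:17:52.215696 10/11.22:18:22.302887 10.61.6.12 10.49.40.72 tcp 0 926742273327104 62277 445 1728685102",
]


def _ts(text):
    # ra prints month/day.time without a year; leap year 2000 keeps 02/29 parseable.
    return datetime.strptime("2000/" + text, "%Y/%m/%d.%H:%M:%S.%f")


def check_record(line, link_bps=LINK_BPS):
    """Return the list of reasons a record's counters are implausible."""
    parts = line.rstrip("\n").split(" ")  # single-space split keeps empty fields
    if len(parts) != len(FIELDS):
        return ["unexpected field count"]
    rec = dict(zip(FIELDS, parts))
    reasons = []
    for side in ("s", "d"):
        pkts, nbytes = int(rec[side + "pkts"]), int(rec[side + "bytes"])
        if pkts == 0 and nbytes > 0:
            reasons.append(side + "bytes without packets")
        elif pkts and nbytes / pkts > MAX_PKT_BYTES:
            reasons.append(side + "bytes per packet too large")
    # Floor the duration at 1 ms so a zero-length record cannot divide by zero.
    secs = max((_ts(rec["ltime"]) - _ts(rec["stime"])).total_seconds(), 0.001)
    if (int(rec["sbytes"]) + int(rec["dbytes"])) * 8 / secs > link_bps:
        reasons.append("byte rate above link capacity")
    return reasons


def suspect_records(lines):
    """Return (line, reasons) for every record that fails a check."""
    return [(ln, why) for ln in lines if (why := check_record(ln))]


if __name__ == "__main__":
    for ln, why in suspect_records(SAMPLE):
        print("; ".join(why), "|", ln)
```

Piping the ra command's output into suspect_records (for example via sys.stdin) gives a list of archive records worth inspecting before the data is used for reporting or alerting.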