Carter Bullard | 2 Aug 16:55 2012

Re: argus bivio bug when writing files?

Gentle people,
This problem, where many argi running on a single Bivio box, configured
to write their output to a file would generate unpredictable results, wasn't
a bug, but a mis-configuration.

Bivio is a multiprocessor box that provides coarse grain parallelism for
packet capture applications.  Bivio routes captured packets to a set of
processors, each running its own copy of of the packet analytic, in this
case its argus.  Each argi generates flow records for the subset of traffic
that it gets.  By combining the output of all the argi, you will get the complete
set of flow records for the high performance link that is being monitored.

This is also the basic strategy when running argus on Tilera, a 32, 64,
and now 100 core general purpose processor chip.

The problem was, in this case, that all these independent argi were
configured identically, to write their output to the same file.   Well, this
isn't a good thing to do, regardless of the application.  Argus doesn't do any
file locking on its output file, so this is not going to be a good thing to do.
Things should go maybe alright at first, but when the file is renamed,
each argi can take on the task of closing, and recreating the file, which
generates all kinds of race conditions and potential problems.  Some of the
argi will think the file hasn't changed, and continue to write into the old
file descriptor, etc….

The preferred strategy is for you to run a radium on a core in the Bivio
or Tilera, that collects the records from the various argi, and then the
single radium can provide access to the combined stream of argus data.

Depending on the architecture, and the nature of how packets are
routed to the individual processors, the combined output may need to be
processed by racluster() to combine any potential flow fragments, create
bi-directional flows from uni-directional flows, and to do the P1/P2 flow
processing, such as matching ICMP packet with causal flow records.

Processing the combined output using rasplit() or rabins(), which can also
run on the Bivio, or in the case of Tilera, on the host processor, allows you
to control the the load and maintain the performance.

If you're having problems running argus on Bivio or Tilera, don't hesitate
to email / call / whatever.


Carter


On Jul 26, 2012, at 12:58 PM, Carter Bullard wrote:

Gentle people,
We've got a bug report on Bivio, when argus is configured to write to a file.
When the file is moved, argus doesn't appear to do the right thing, sometimes
not recreating the file, or seeing zero length files.

I have found a condition where argus may close and open the output file
too often, but code inspection isn't revealing much.  I have a patch for the
errant closing and opening condition, and that will be in the next release.

Anyone else seeing problems when argus is configured to write to files, 
and you move the files periodically?

Hope all is most excellent,

Carter


Attachment (smime.p7s): application/pkcs7-signature, 5901 bytes
Carter Bullard | 2 Aug 17:13 2012

Re: NetFlow V9

Hey CS Lee,
I've been using a number of netflow v9 generators, but I'd like some real data,
as I don't have the ability to generate all the weird stuff that is out there.  Getting
some good live traffic from real devices would be very helpful.

Carter 

On Jul 17, 2012, at 8:51 AM, CS Lee wrote:

hi Carter,

Have you tried to use pmacct to export netflow v9 data? Vyatta(open source network OS) is using pmacct to export netflow v9 and maybe you can get sample data out of it, of course we can have more help if the data is from cisco netflow v9. We can also use pmacct to get sample sflow data.

--
Best Regards,

CS Lee<geek00L[at]gmail.com>

http://geek00l.blogspot.com
http://defcraft.net

Attachment (smime.p7s): application/pkcs7-signature, 5901 bytes
Carter Bullard | 3 Aug 01:56 2012

netflow v9 implementation

Gentle people,
I've got the netflow v9 support for argus almost  complete.  Not sure if we're doing all
the netflow v9 data types correctly, (TTL? TOS?) and not sure what our throughput will
be, although I'm  hoping for 10K+ flows per second.  Unfortunately, I have limited data
sources, so getting some good testing would be nice before I put it " out there ".

I'd like to work with a set of netflow v9 testers, if there is interest.  Please send email
if you'd like to give this stuff a run, sooner than later.

Getting the code stripped out and put into an argus[-clients]-3.0.7 distro will take a
little time, but the plan is to have something like that with the netflow v9 support in
by mid-August.

Hope all is most excellent,

Carter 



Attachment (smime.p7s): application/pkcs7-signature, 5901 bytes
Carter Bullard | 3 Aug 22:43 2012

argus-clients-3.0.7.1 with full netflow v.9 support

Gentle people,
I've uploaded argus-clients-3.0.7.1.tar.gz to the developers site.  This
code has the completed netflow v9 support, all in.


Remember, the cisco specific " -C [host:]port " option has been deprecated, and
the preferred method for reading cisco wire line data streams is :

   ra -S cisco://host:port

The host:port values are the address and port that the Cisco netflow source
is writing to.  So in my test environment, I had pmacctd write netflow v9 datagrams
to 127.0.0.1 and port 12345, so I would run ra, ratop, whatever as:


Now, the ra* clients cannot decode the netflow v9 stream until it receives template
descriptions, which on some of my test systems, took up to 60 seconds to get, so you may
have to wait a bit before anything comes out.  If you want to see some debug information,
you can run "-D 5" and get some of the template management debug information and new
flow recognition.

Please give this new feature a run.  If you have any problems at all, consider
doing a packet capture of the netflow v9 stream that we're trying to decode, so I
can debug.


Carter

Attachment (smime.p7s): application/pkcs7-signature, 5901 bytes
John Gerth | 5 Aug 00:21 2012
Picon

Re: Bug in direction - TCP SYN/ACK but no SYN

Since the direction indicator is a derived field, I think that perhaps '?' would
be more in line as a naked SYN/ACK is illogical with respect to the TCP protocol.
It might be a scan or it might be that the SYN packet wasn't seen by argus which
could be indicative of all sorts of other things (drops, asymmetric routes, etc.).

In general, I like that argus generally sticks to "just the facts" in reporting
what it has seen.

John Gerth      gerth <at> graphics.stanford.edu  Gates 378   (650) 725-3273

On 7/31/12 12:48 AM, Rafael Barbosa wrote:
> Hi Carter,
> 
> I haven't considered scans. However, I am not sure that using the field direction to display who is the
source of the scan is that useful, specially
> when no other field in the transaction record classifies it as a scan (I might be wrong about this). 
> 
> My feeling is that, for TCP connections, you should mark the direction 'client -> server', and not
'scanner -> target'. In the case of my example, I
> think the most appropriate value would be 'scanner ?> target', as data only flows in this direction, and no
client/server relation can be stablished.
> If you want to provide more information about the nature of the traffic (i.e., if it is a scan or not), it
should be done in another transaction
> field, or maybe even another argus client.
> 
> Regards,
> Rafael Barbosa
> http://www.ewi.utwente.nl/~barbosarr/ <http://www.ewi.utwente.nl/%7Ebarbosarr/>
> 
> 
> 
> On Tue, Jul 31, 2012 at 2:11 AM, Carter Bullard <carter <at> qosient.com <mailto:carter <at> qosient.com>> wrote:
> 
>     Hey Rafael,
>     Not sure that there is a bug.  We changed the simple rule of SYN or SYN_ACK
>     specifying the direction, because single SYN_ACK packets are used quite frequently
>     in scanning strategies.  So, if there are no other packets, and just SYN_ACK, we
>     leave the direction to indicate the source of the scan, because, more than likely
>     its a scan job?
> 
>     Maybe we should put a ' ? ' in these cases? or we could put the arrow in the other
>     direction?  What do you think?
> 
>     Carter
> 
>     On Jul 27, 2012, at 9:19 AM, Rafael Barbosa <rrbarbosa <at> gmail.com <mailto:rrbarbosa <at> gmail.com>> wrote:
> 
>>     Hi,
>>
>>     I may have fund a bug in the argus with respect to the direction of TCP connections. When only the SYN-ACK
message is received in TCPs 3-way
>>     handshake (i.e., the SYN is missing), argus is setting the direction from server to client, instead of
client to server.
>>
>>     Small example:
>>     $> tcpdump -r anon.pcap 
>>     reading from file anon.pcap, link-type EN10MB (Ethernet)
>>     14:53:53.713258 IP 117.12.236.14.https > 117.69.107.235.1047: Flags [S.], seq 3044833418
<tel:3044833418>, ack 1678823480, win 5840, options
>>     [mss 1436,nop,nop,sackOK], length 0
>>     14:56:03.341851 IP 117.12.236.14.https > 117.69.107.235.1042: Flags [S.], seq 3194374727
<tel:3194374727>, ack 2254352525 <tel:2254352525>, win
>>     5840, options [mss 1436,nop,nop,sackOK], length 0
>>
>>     $> argus -r anon.pcap -w flows.argus
>>     $> ra -r flows.argus 
>>        13:53:53.713258  *           tcp      117.12.236.14.https     ->     117.69.107.235.1047          1         66   ACC
>>        13:56:03.341851  *           tcp      117.12.236.14.https     ->     117.69.107.235.1042          1         66   ACC
>>
>>     Using the latest stable version, argus-3.0.6.1.
>>
>>     Best regards,
>>     Rafael Barbosa
>>     http://www.ewi.utwente.nl/~barbosarr/ <http://www.ewi.utwente.nl/%7Ebarbosarr/>
>>
>>     <anon.pcap>
> 
> 

Harika Tandra | 13 Aug 16:50 2012

country and city code with ralabel and GeoIP (argus-client-3.0.6.2)

Hi Carter,

I am using argus-clients-3.0.6.2. I see that ralabel is not working with GeoIPCity database. 
I am able to get AS information but not City related information. I am using the 
following commands: 

/usr/local/bin/ralabel -f /etc/ralabel.conf -S localhost -s sas das sco dco scity dcity

and 

/usr/local/bin/ralabel -f /etc/ralabel.conf -S localhost -w - | /usr/local/bin/ra -s sco dco sas das

And my ralabel.conf file is :

RALABEL_GEOIP_ASN=yes
RALABEL_GEOIP_ASN_FILE="/usr/local/share/GeoIP/GeoIPASNum.dat"
RALABEL_GEOIP_CITY="saddr,daddr:cco,cco3,city,lat,lon"
RALABEL_GEOIP_CITY_FILE="/usr/local/share/GeoIP/GeoIPCity.dat"

Please let me know if I you are observing the same or maybe something wrong at my end.

Thanks,
Harika Tandra.

----------------------------------------------------------
Harika Tandra
Research Associate (Software Engineer)
GLORIAD, ISSE
311 Conference Center Building
University of Tennessee 
htandra <at> gloriad.org
htandra <at> utk.edu

Carter Bullard | 13 Aug 17:04 2012

Re: country and city code with ralabel and GeoIP (argus-client-3.0.6.2)

Hey Harika,
The generic city related information is added to the flow record's label as an ascii metadata string,
so there aren't specific city, zip or state fields to print, at least not today.  To filter on the field contents,
you use the " -e <regex> " option to specify the field contents you're looking for.

We do have support for country codes, which can come from various databases, and support
for  AS numbers, which comes from the GEOIP library, right now (if you have the right databases
in place.  As a result, you should get values when you printout the sco, dco, sas, and das
independent of the extended city data.

What output are you getting when you print out these fields and the labels?

   ra -s sco dco sas das label:64

Carter



On Aug 13, 2012, at 10:50 AM, Harika Tandra wrote:

Hi Carter,

I am using argus-clients-3.0.6.2. I see that ralabel is not working with GeoIPCity database.
I am able to get AS information but not City related information. I am using the
following commands:

/usr/local/bin/ralabel -f /etc/ralabel.conf -S localhost -s sas das sco dco scity dcity

and

/usr/local/bin/ralabel -f /etc/ralabel.conf -S localhost -w - | /usr/local/bin/ra -s sco dco sas das


And my ralabel.conf file is :

RALABEL_GEOIP_ASN=yes
RALABEL_GEOIP_ASN_FILE="/usr/local/share/GeoIP/GeoIPASNum.dat"
RALABEL_GEOIP_CITY="saddr,daddr:cco,cco3,city,lat,lon"
RALABEL_GEOIP_CITY_FILE="/usr/local/share/GeoIP/GeoIPCity.dat"


Please let me know if I you are observing the same or maybe something wrong at my end.

Thanks,
Harika Tandra.




----------------------------------------------------------
Harika Tandra
Research Associate (Software Engineer)
GLORIAD, ISSE
311 Conference Center Building
University of Tennessee
htandra <at> gloriad.org
htandra <at> utk.edu





Attachment (smime.p7s): application/pkcs7-signature, 5901 bytes
Harika Tandra | 13 Aug 17:38 2012

Re: country and city code with ralabel and GeoIP (argus-client-3.0.6.2)

Hi Carter,

Thank you, its good to know about the label metadata string. I can grep the needed information from it.
I am not getting sco and dco directly though. This is the output I get from the below command :

# /usr/local/bin/ralabel -f /etc/ralabel.conf -S localhost -w - | /usr/local/bin/ra -s sco dco sas das label:64
         1781       scity=KR,KR,(null),37.000000,127.500000:dcity=US,US,(null),38.0*
          137  6879 scity=IT,IT,Direzione,40.799999,9.016700:dcity=EG,EG,Cairo,30.0*
         8075 20928 scity=US,US,(null),38.000000,-97.000000:dcity=EG,EG,Cairo,30.04*
         8075 20928 scity=US,US,Redmond,47.670601,-122.068497:dcity=EG,EG,(null),27*
         3512  7472 scity=US,US,Atlanta,33.795200,-84.324799:dcity=SG,SG,(null),1.3*
          137  6879 scity=IT,IT,Direzione,40.799999,9.016700:dcity=EG,EG,(null),27.*
         9488    91 scity=KR,KR,Seoul,37.566399,126.999702:dcity=US,US,Troy,42.7495*
          137  2561 scity=IT,IT,Direzione,40.799999,9.016700:dcity=EG,EG,G?za,30.00*
        22950  4538 scity=CA,CA,Saskatoon,52.133301,-106.666801:dcity=CN,CN,Beijing*
          239  4538 scity=CA,CA,Toronto,43.666698,-79.416801:dcity=CN,CN,Guangzhou,*
        36441  4538 scity=US,US,Athens,33.949902,-83.375000:dcity=CN,CN,Changchun,4*

When I query the GeoIPCity database separately, I do get the expected output. So everything on that end seems right. 

Thanks,
Harika.


On Aug 13, 2012, at 11:04 AM, Carter Bullard wrote:

Hey Harika,
The generic city related information is added to the flow record's label as an ascii metadata string,
so there aren't specific city, zip or state fields to print, at least not today.  To filter on the field contents,
you use the " -e <regex> " option to specify the field contents you're looking for.

We do have support for country codes, which can come from various databases, and support
for  AS numbers, which comes from the GEOIP library, right now (if you have the right databases
in place.  As a result, you should get values when you printout the sco, dco, sas, and das
independent of the extended city data.

What output are you getting when you print out these fields and the labels?

   ra -s sco dco sas das label:64

Carter



On Aug 13, 2012, at 10:50 AM, Harika Tandra wrote:

Hi Carter,

I am using argus-clients-3.0.6.2. I see that ralabel is not working with GeoIPCity database.
I am able to get AS information but not City related information. I am using the
following commands:

/usr/local/bin/ralabel -f /etc/ralabel.conf -S localhost -s sas das sco dco scity dcity

and

/usr/local/bin/ralabel -f /etc/ralabel.conf -S localhost -w - | /usr/local/bin/ra -s sco dco sas das


And my ralabel.conf file is :

RALABEL_GEOIP_ASN=yes
RALABEL_GEOIP_ASN_FILE="/usr/local/share/GeoIP/GeoIPASNum.dat"
RALABEL_GEOIP_CITY="saddr,daddr:cco,cco3,city,lat,lon"
RALABEL_GEOIP_CITY_FILE="/usr/local/share/GeoIP/GeoIPCity.dat"


Please let me know if I you are observing the same or maybe something wrong at my end.

Thanks,
Harika Tandra.




----------------------------------------------------------
Harika Tandra
Research Associate (Software Engineer)
GLORIAD, ISSE
311 Conference Center Building
University of Tennessee
htandra <at> gloriad.org
htandra <at> utk.edu






Carter Bullard | 13 Aug 18:14 2012

Re: country and city code with ralabel and GeoIP (argus-client-3.0.6.2)

Hey Harika,
You aren't inserting the country codes with your configuration, you are
specifying that the extended city information should include the country codes,
but that just inserts the cco into the metadata string, it doesn't populate the
sco or dco values.

Currently, to insert country codes so that sco and dco are populated, you need
to use RALABEL_ARIN_COUNTRY_CODES and set an ARIN style data file
for the encodings.  I'll look to change this, but currently, you should set both
label strategies.

Remember, the " * " at the end of the string indicates that you didn't provide enough
space to print the values, so the 64 should be larger, or use comma separated output,
which doesn't truncate the fields.


Carter 


On Aug 13, 2012, at 11:38 AM, Harika Tandra wrote:

Hi Carter,

Thank you, its good to know about the label metadata string. I can grep the needed information from it.
I am not getting sco and dco directly though. This is the output I get from the below command :

# /usr/local/bin/ralabel -f /etc/ralabel.conf -S localhost -w - | /usr/local/bin/ra -s sco dco sas das label:64
         1781       scity=KR,KR,(null),37.000000,127.500000:dcity=US,US,(null),38.0*
          137  6879 scity=IT,IT,Direzione,40.799999,9.016700:dcity=EG,EG,Cairo,30.0*
         8075 20928 scity=US,US,(null),38.000000,-97.000000:dcity=EG,EG,Cairo,30.04*
         8075 20928 scity=US,US,Redmond,47.670601,-122.068497:dcity=EG,EG,(null),27*
         3512  7472 scity=US,US,Atlanta,33.795200,-84.324799:dcity=SG,SG,(null),1.3*
          137  6879 scity=IT,IT,Direzione,40.799999,9.016700:dcity=EG,EG,(null),27.*
         9488    91 scity=KR,KR,Seoul,37.566399,126.999702:dcity=US,US,Troy,42.7495*
          137  2561 scity=IT,IT,Direzione,40.799999,9.016700:dcity=EG,EG,G?za,30.00*
        22950  4538 scity=CA,CA,Saskatoon,52.133301,-106.666801:dcity=CN,CN,Beijing*
          239  4538 scity=CA,CA,Toronto,43.666698,-79.416801:dcity=CN,CN,Guangzhou,*
        36441  4538 scity=US,US,Athens,33.949902,-83.375000:dcity=CN,CN,Changchun,4*

When I query the GeoIPCity database separately, I do get the expected output. So everything on that end seems right. 

Thanks,
Harika.


On Aug 13, 2012, at 11:04 AM, Carter Bullard wrote:

Hey Harika,
The generic city related information is added to the flow record's label as an ascii metadata string,
so there aren't specific city, zip or state fields to print, at least not today.  To filter on the field contents,
you use the " -e <regex> " option to specify the field contents you're looking for.

We do have support for country codes, which can come from various databases, and support
for  AS numbers, which comes from the GEOIP library, right now (if you have the right databases
in place.  As a result, you should get values when you printout the sco, dco, sas, and das
independent of the extended city data.

What output are you getting when you print out these fields and the labels?

   ra -s sco dco sas das label:64

Carter



On Aug 13, 2012, at 10:50 AM, Harika Tandra wrote:

Hi Carter,

I am using argus-clients-3.0.6.2. I see that ralabel is not working with GeoIPCity database.
I am able to get AS information but not City related information. I am using the
following commands:

/usr/local/bin/ralabel -f /etc/ralabel.conf -S localhost -s sas das sco dco scity dcity

and

/usr/local/bin/ralabel -f /etc/ralabel.conf -S localhost -w - | /usr/local/bin/ra -s sco dco sas das


And my ralabel.conf file is :

RALABEL_GEOIP_ASN=yes
RALABEL_GEOIP_ASN_FILE="/usr/local/share/GeoIP/GeoIPASNum.dat"
RALABEL_GEOIP_CITY="saddr,daddr:cco,cco3,city,lat,lon"
RALABEL_GEOIP_CITY_FILE="/usr/local/share/GeoIP/GeoIPCity.dat"


Please let me know if I you are observing the same or maybe something wrong at my end.

Thanks,
Harika Tandra.




----------------------------------------------------------
Harika Tandra
Research Associate (Software Engineer)
GLORIAD, ISSE
311 Conference Center Building
University of Tennessee
htandra <at> gloriad.org
htandra <at> utk.edu







Attachment (smime.p7s): application/pkcs7-signature, 5901 bytes
Harika Tandra | 13 Aug 18:48 2012

Re: country and city code with ralabel and GeoIP (argus-client-3.0.6.2)

Hi Carter,

I understand the configuration now. Thank you. 
I downloaded and set the ARIN country codes file and uncommented RALABEL_ARIN_COUNTRY_CODES
in ralabel.conf.
Now I am getting all the information needed with this command :

/usr/local/bin/ralabel -f /etc/ralabel.conf -S localhost -w - | /usr/local/bin/ra -c ',' -s sco dco sas das label

Thanks again.

Regards,
Harika.


On Aug 13, 2012, at 12:14 PM, Carter Bullard wrote:

Hey Harika,
You aren't inserting the country codes with your configuration, you are
specifying that the extended city information should include the country codes,
but that just inserts the cco into the metadata string, it doesn't populate the
sco or dco values.

Currently, to insert country codes so that sco and dco are populated, you need
to use RALABEL_ARIN_COUNTRY_CODES and set an ARIN style data file
for the encodings.  I'll look to change this, but currently, you should set both
label strategies.

Remember, the " * " at the end of the string indicates that you didn't provide enough
space to print the values, so the 64 should be larger, or use comma separated output,
which doesn't truncate the fields.


Carter 


On Aug 13, 2012, at 11:38 AM, Harika Tandra wrote:

Hi Carter,

Thank you, its good to know about the label metadata string. I can grep the needed information from it.
I am not getting sco and dco directly though. This is the output I get from the below command :

# /usr/local/bin/ralabel -f /etc/ralabel.conf -S localhost -w - | /usr/local/bin/ra -s sco dco sas das label:64
         1781       scity=KR,KR,(null),37.000000,127.500000:dcity=US,US,(null),38.0*
          137  6879 scity=IT,IT,Direzione,40.799999,9.016700:dcity=EG,EG,Cairo,30.0*
         8075 20928 scity=US,US,(null),38.000000,-97.000000:dcity=EG,EG,Cairo,30.04*
         8075 20928 scity=US,US,Redmond,47.670601,-122.068497:dcity=EG,EG,(null),27*
         3512  7472 scity=US,US,Atlanta,33.795200,-84.324799:dcity=SG,SG,(null),1.3*
          137  6879 scity=IT,IT,Direzione,40.799999,9.016700:dcity=EG,EG,(null),27.*
         9488    91 scity=KR,KR,Seoul,37.566399,126.999702:dcity=US,US,Troy,42.7495*
          137  2561 scity=IT,IT,Direzione,40.799999,9.016700:dcity=EG,EG,G?za,30.00*
        22950  4538 scity=CA,CA,Saskatoon,52.133301,-106.666801:dcity=CN,CN,Beijing*
          239  4538 scity=CA,CA,Toronto,43.666698,-79.416801:dcity=CN,CN,Guangzhou,*
        36441  4538 scity=US,US,Athens,33.949902,-83.375000:dcity=CN,CN,Changchun,4*

When I query the GeoIPCity database separately, I do get the expected output. So everything on that end seems right. 

Thanks,
Harika.


On Aug 13, 2012, at 11:04 AM, Carter Bullard wrote:

Hey Harika,
The generic city related information is added to the flow record's label as an ascii metadata string,
so there aren't specific city, zip or state fields to print, at least not today.  To filter on the field contents,
you use the " -e <regex> " option to specify the field contents you're looking for.

We do have support for country codes, which can come from various databases, and support
for  AS numbers, which comes from the GEOIP library, right now (if you have the right databases
in place.  As a result, you should get values when you printout the sco, dco, sas, and das
independent of the extended city data.

What output are you getting when you print out these fields and the labels?

   ra -s sco dco sas das label:64

Carter



On Aug 13, 2012, at 10:50 AM, Harika Tandra wrote:

Hi Carter,

I am using argus-clients-3.0.6.2. I see that ralabel is not working with GeoIPCity database.
I am able to get AS information but not City related information. I am using the
following commands:

/usr/local/bin/ralabel -f /etc/ralabel.conf -S localhost -s sas das sco dco scity dcity

and

/usr/local/bin/ralabel -f /etc/ralabel.conf -S localhost -w - | /usr/local/bin/ra -s sco dco sas das


And my ralabel.conf file is :

RALABEL_GEOIP_ASN=yes
RALABEL_GEOIP_ASN_FILE="/usr/local/share/GeoIP/GeoIPASNum.dat"
RALABEL_GEOIP_CITY="saddr,daddr:cco,cco3,city,lat,lon"
RALABEL_GEOIP_CITY_FILE="/usr/local/share/GeoIP/GeoIPCity.dat"


Please let me know if I you are observing the same or maybe something wrong at my end.

Thanks,
Harika Tandra.




----------------------------------------------------------
Harika Tandra
Research Associate (Software Engineer)
GLORIAD, ISSE
311 Conference Center Building
University of Tennessee
htandra <at> gloriad.org
htandra <at> utk.edu









Gmane