Argus scripts and docs

Carter Bullard cbullard at nortelnetworks.com
Tue Feb 16 16:11:41 EST 1999


Hey Russell,
   Hmmmmm, well there is some support already for
flows that have packets that are illegal, bad, not
playing the right game, whatever.  But there are
problems with trying to track flows where there
are inappropriate events that occur during the flow.
The principal problem is that there can be a HUGE
number of problem combinations; also, the maintenance
on this type of reporting can be very demanding.

   If we can get some problems of interest defined,
then we may be able to sneak some of the indications
in, maybe for Argus 2.0 when we increase the
record size.

Carter


-----Original Message-----
From: Russell Fulton [mailto:r.fulton at auckland.ac.nz]
Sent: Tuesday, February 16, 1999 3:49 PM
To: Carter Bullard
Subject: Re: RE: RE: Argus scripts and docs


Hi Carter,

>    The 'est' bug I'll get to this week and we'll
> have it in 1.8 which is just now coming together.
> I'll also put in the key words for picking out
> TCP state.

That will be great!  Another thought -- perhaps for 1.9 ;-) 

Could we have an ill(egal) keyword?  In detail mode it would select any 
packets that had illegal combinations of flags etc.  In summary mode it 
could also report sessions that did not start with a SYN, etc.

Or perhaps this is best done in a separate client.

Cheers, Russell.


