argus

Mark Poepping poepping at cmu.edu
Fri Mar 12 09:00:24 EST 1999


[any list folks who want to help hack on a stock how-to? ]

Unfortunately, there isn't really anything available beyond
the docs in the distribution..  Though there are at least
a few of us who've been using it a long time..

My suggestion is to just run it a while and see what you
see, then pop some questions or insights back our way.
To 'run it a while', stick a machine on a stub you want to
watch and start up the server (argus_linux on a linux box).
	argus_linux -w argusmon.out &
Then, once you see stuff getting dumped into the file (which
should be right away), run a couple clients on the data
file.  The best clients to start with are 'ra' and 'raservices'.
Try the following..
	ra -r argusmon.out
	ra -ncm argusmon.out
	raservices -r argusmon.out | sort +2rn | head
By the way, remember that as a 'network tap', argus only sees
what's on the wire, so if you're highly switched, this can be
somewhat problematic.  You just need to put it somewhere where
you can 'snoop' the traffic you're interested in, either by
double-hopping a border router, getting a switch that can 'span'
traffic, or by putting it 'next to' a machine you want to watch.

Good luck.
mark.

by the way, there's a majordomo mailing list
at argus at lists.andrew.cmu.edu.. send mail to
argus-request at lists.andrew.cmu.edu to join.


> -----Original Message-----
> From: Martin Pousette [mailto:Martin.Pousette at it.ki.se]
> Sent: Friday, March 12, 1999 3:22 AM
> To: argus at sei.cmu.edu
> Subject: argus
>
>
> Hi there i wonder where i can find a good "HOW-TO" to argus ?
>
> /Martin
>   Martin Pousette     Karolinska Institutet            Tel: 08-728 6865
>   Datasäkerhet        171 77 Stockholm                 Mob: 070-629 6623
>   IT-Avdelningen      Besök Doktorsringen 6C, Solna    Fax: 08-34 00 32
>


