Further (broken) argus-2.0.0 patches
Neil Long
neil.long at computing-services.oxford.ac.uk
Sun Sep 3 10:57:01 EDT 2000
> I had completely forgotten the '-e' and '-a'
> options so they go in on Tuesday. An option that
> you do want to test is the multiple '-w filename "filter"'
> expressions, the filter needs to be quoted for the
> thing to work. There is no testing that the filenames
> don't collides, so don't complain if you put two
> "-" and you get unexpected results ;o).
The tcpdump file I used was very simple - the original filter was
tcp port 79
so I am puzzled as to why there may be differences. I will be able to run
more tests tomorrow on various tcpdump capture files. This was just one I
had on the local disk.
I will start building a series of tcpdump data files with various filter
options and see what that does to help debug. I would still prefer to try on
a 'known good' platform first and make comparisons after.
Neil
More information about the argus
mailing list