Matching state in ra().
Carter Bullard
carter at qosient.com
Sat Feb 24 17:45:00 EST 2001
Hey Scott,
The ra() filter supports several keywords that
can help. "con" and "est" will give you transactions
that were connected or established. So you should be
able to do something like this:

   ra -r filename - tcp and port 25 and est

Carter
Carter Bullard
QoSient, LLC
300 E. 56th Street, Suite 18K
New York, New York 10022
carter at qosient.com
Phone +1 212 588-9133
Fax +1 212 588-9134
> -----Original Message-----
> From: owner-argus at lists.andrew.cmu.edu
> [mailto:owner-argus at lists.andrew.cmu.edu]On Behalf Of Scott
> A. McIntyre
> Sent: Saturday, February 24, 2001 4:22 PM
> To: Argus Mailing List
> Subject: Matching state in ra().
>
>
> Hi,
>
> What's the best way to match a TCP connection state in a ra() query?
> I know how to get it reported, but if I only want to report a specific
> state, is there a twiddle somewhere that will do this?
>
> Specifically, if I were wanting to get Established matches for a
> specific port/protocol.
>
> Thanks,
>
> Scott
>