[robin at koping.net: argus.]
Peter Van Epp
vanepp at sfu.ca
Thu Jun 14 16:58:14 EDT 2001
If I understand the question correctly this is already the default
(unless you suppress it with the -n flag). Without the -n flag ra (and all
the rest) will do a reverse lookup in the DNS and, if the IP resolves, substitute
as much of the host name as it can in the output display. In the example
below 24.159.5.213 doesn't have a reverse entry and thus isn't resolved but
the other three do and truncated (and therefore not necessarily too useful)
output is provided. The DNS lookups slow the process down a fair bit and thus
I usually suppress this with the -n flag.

Thu 06/14 08:01:37 d tcp farrelllab.biol.2485 <-> h24n1fls33o831..1214 162 212 0 308640 EST
Thu 06/14 08:01:43 d tcp farrelllab.biol.1073 <-> 24.159.5.213.1214 2 4 2 3 EST

Peter Van Epp / Operations and Technical Support
Simon Fraser University, Burnaby, B.C. Canada
>
> I think he wants ra to resolve src ip and dst ip.
>
> ----- Forwarded message from Robin Hansson <robin at koping.net> -----
>
> X-From_: robin at koping.net Thu Jun 14 14:23:41 2001
> Envelope-to: yotam at makif.omer.k12.il
> From: "Robin Hansson" <robin at koping.net>
> To: <yotam at makif.omer.k12.il>
> Subject: argus.
>
> hi!
> just wondering if you were going to add ip -> host support in argus.
> so you can add a parameter and argus (ra) will show hosts instead of ips...
>
> /regards robin
>
> ----- End forwarded message -----
>