User data
Scott A. McIntyre
scott at xs4all.nl
Thu Mar 1 00:57:51 EST 2001
> I have been playing with collecting user data with argus and have a few
> comments, a problem and a question:
>
In playing with this for the last couple of weeks, I've noticed
something a bit peculiar...namely, that it doesn't seem to always work.
Here's an example of what I mean:
28 Feb 01 22:09:38 tcp xxx.yyy.zzz.aaa.1025 -> xxx.yyy.zz.qq.23 EST
s[64]="..#..$...9600,9600....'.......VT100................"......"...."
d[64]=".......#..'..$........!..".."......... .....'.................."
28 Feb 01 22:09:40 tcp xx.yyy.zz.aa.1163 -> xxx.yyy.z.qq.23 EST
28 Feb 01 22:09:40 tcp xx.yyy.zz.aa.2263 ?> xxx.yyy.z.qq.23 EST
28 Feb 01 22:09:36 tcp xxx.yyy.zzz.aaa.1056 -> xxx.yyy.z.qq.23 EST
28 Feb 01 22:09:49 tcp xxx.yyy.aaa.aa.1173 ?> xxx.yyy.zz.qq.23 EST
28 Feb 01 22:09:45 tcp xxx.yyy.z.qq.49263 -> xxx.yyy.zz.qq.23 EST
Obviously, there are a number of flows in progress here, but only that
first one reported any userdata captured. If I had to make a guess,
it's only capturing the *first* 64 bytes (in my case) of a new
connection.
Is this correct?
Thanks,
Scott