User data

[Carter Bullard]

Yes.  Argus will capture the first x bytes of a flow.

Carter

> -----Original Message-----
> From: owner-argus at lists.andrew.cmu.edu
> [mailto:owner-argus at lists.andrew.cmu.edu]On Behalf Of Scott 
> A. McIntyre
> Sent: Thursday, March 01, 2001 12:58 AM
> To: Argus Mailing List
> Subject: Re: User data
> 
> 
> 
> > I have been playing with collecting user data with argus 
> and have a few 
> > comment, a problem and a question:
> > 
> 
> In playing with this for the last couple of weeks, I've noticed
> something a bit peculiar...namely, that it doesn't seem to 
> always work.
> here's an example of what I mean:
> 
> 28 Feb 01 22:09:38    tcp xxx.yyy.zzz.aaa.1025   ->      
> xxx.yyy.zz.qq.23 EST 
> 	
> s[64]="..#..$...9600,9600....'.......VT100................"...
> ..."...."  
> 	d[64]=".......#..'..$........!..".."......... 
> .....'.................."
> 28 Feb 01 22:09:40    tcp    xx.yyy.zz.aa.1163   ->      
> xxx.yyy.z.qq.23 EST
> 28 Feb 01 22:09:40    tcp    xx.yyy.zz.aa.2263   ?>      
> xxx.yyy.z.qq.23 EST
> 28 Feb 01 22:09:36    tcp xxx.yyy.zzz.aaa.1056   ->      
> xxx.yyy.z.qq.23 EST
> 28 Feb 01 22:09:49    tcp  xxx.yyy.aaa.aa.1173   ?>      
> xxx.yyy.zz.qq.23 EST
> 28 Feb 01 22:09:45    tcp    xxx.yyy.z.qq.49263  ->      
> xxx.yyy.zz.qq.23 EST
> 
> Obviously, there are a number of flows in progress here, but only that
> first one reported any userdata captured.  If I had to make a guess,
> it's only capturing the *first* 64 bytes (in my case) of a new
> connection.  
> 
> Is this correct?
> 
> Thanks, 
> 
> Scott
> 
> 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://pairlist1.pair.net/pipermail/argus/attachments/20010301/6da618ce/attachment.html>