Please help with filtering expressions!

Oganes Isaakyan oganes at nd.ru
Wed Jul 17 14:48:07 EDT 2002


Hi!
(Sorry if I'm writing to the wrong mailing list)
I've played a little with the Argus software and now I'm absolutely confused. It looks like argus wrongly interprets the filtering expression given on the command line. I'm running Argus this way:
argus -w ~/tmp.log -S 30 - \(ip host 10.0.0.1 and ether host 00:80:AD:0B:89:52\)
and 
ra -r ~/tmp.log
gives packets going to/from any address from/to 10.0.0.1 OR packets going from/to 00:80:AD:0B:89:52 to/from any address

I've tried other combinations of brackets etc., but they all work similarly. When tcpdump is called with this expression it outputs packets
10.0.0.1 <-> 10.0.0.2 (MAC addr. 00:80:AD:0B:89:52).
Maybe I'm doing something wrong, or...?

Thanks, Oganes


