Please help with filtering expressions!

Carter Bullard carter at qosient.com
Fri Jul 19 08:54:39 EDT 2002


Hey Oganes,
Seems that there is a bug that was introduced recently,
and an interesting one at that!   I've included a
patch that fixes the problem and I'll have a new
beta up on the server today!!!

Thanks for the mail, and sorry for any inconvenience!

Carter

Carter Bullard
QoSient, LLC
300 E. 56th Street
Suite 18K
New York, New York 10022

+1 212 588-9133 Phone
+1 212 588-9134 Fax



Index: ArgusSource.c
===================================================================
RCS file: /usr/local/cvsroot/argus/server/ArgusSource.c,v
retrieving revision 1.57
diff -r1.57 ArgusSource.c
120c120
< 
---
>                ArgusInputPacketFileType = ARGUSLIBPPKTFILE;
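Review bot: The assignment added at line 120 of ArgusSource.c carries no comment, and the diff has no context lines, so a reader cannot see which branch sets `ArgusInputPacketFileType` or how that relates to the reported symptom (an `and` filter matching as if it were `or`). A short comment above `ArgusInputPacketFileType = ARGUSLIBPPKTFILE;` saying why the type has to be set at this point, plus a context or unified diff against revision 1.57, would let reviewers confirm the assignment sits on the intended path only.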


> -----Original Message-----
> From: owner-argus-info at lists.andrew.cmu.edu 
> [mailto:owner-argus-info at lists.andrew.cmu.edu] On Behalf Of 
> Oganes Isaakyan
> Sent: Wednesday, July 17, 2002 2:48 PM
> To: argus-info at lists.andrew.cmu.edu
> Subject: Please help with filtering expressions!
> 
> 
> Hi!
> (Sorry if I'm writing to the wrong mailing list)
> I've played a little with Argus software and now I'm 
> absolutely confused. It looks like argus wrongly interprets 
> filtering expression given in the command line. I'm running 
> Argus this way:
> argus -w ~/tmp.log -S 30 - \(ip host 10.0.0.1 and ether host 
> 00:80:AD:0B:89:52\)
> and 
> ra -r ~/tmp.log
> gives packets going to/from any address from/to 10.0.0.1 OR 
> packets going from/to 00:80:AD:0B:89:52 to/from any address
> 
> I've tried other brackets etc. combinations but they all work 
> similarly. When tcpdump is called with this expression it 
> outputs packets
> 10.0.0.1 <-> 10.0.0.2 (MAC addr. 00:80:AD:0B:89:52).
> Maybe I'm doing something wrong, or...?
> 
> Thanks, Oganes
> 
> 


