change in how -n works in ra
Desmond Irvine
desmond.irvine at sheridanc.on.ca
Fri Jun 14 12:57:30 EDT 2002
I'm running the latest beta (argus-2.0.6.beta.1) and I noticed that the
-n parameter for ra doesn't work as advertised any longer. From the ra
man page:
"-n Do not translate host and service numbers to names.
-nn will suppress translation of protocol numbers, as well. "
When I run ra with -n now this is what I see:
# ra -n -r argus
14 Jun 02 08:13:01 man version=2.0 probeid=3848370891 STA
14 Jun 02 11:59:01 tcp 80.0.aa.bb.21056 -> 142.55.xx.yy.1214 EST
14 Jun 02 12:00:01 tcp 64.0.aa.bb.4256 -> 142.55.xx.yy.www RST
14 Jun 02 11:59:01 udp 66.163.aa.bb.1214 <-> 142.55.xx.yy.1214 CON
14 Jun 02 11:59:00 tcp 142.55.xx.yy.1054 -> 213.248.aa.bb.www FIN
14 Jun 02 11:59:00 icmp 142.55.xx.yy <-> 206.248.aa.bb ECO
14 Jun 02 11:59:00 tcp 142.55.xx.yy.1061 -> 209.185.aa.bb.www FIN
Only the hostnames are not translated; the service numbers are - blah!
Using -nn nothing (hostnames, services or protocols) is translated as
expected. The last version of argus still supported -n as described in
the man page.
Desmond.
--
Desmond Irvine Security Analyst, Information Technology
Sheridan College Phone: 905-845-9430 x2035
1430 Trafalgar Road Fax: 905-815-4011
Oakville, ON L6H 2L1 EMail: desmond.irvine at sheridanc.on.ca