change in how -n works in ra
Carter Bullard
carter at qosient.com
Fri Jun 14 13:03:44 EDT 2002
Hey Desmond,
So if you run it with -nn do the ports and protocols both
go away? This is the behavior of the argus-clients distribution
of ra. 1 n takes out the hosts, 2 n takes out the hosts and
the dst ports, and 3 n's take them all out. Is this reasonable?
Carter
> -----Original Message-----
> From: owner-argus-info at lists.andrew.cmu.edu
> [mailto:owner-argus-info at lists.andrew.cmu.edu] On Behalf Of
> Desmond Irvine
> Sent: Friday, June 14, 2002 12:58 PM
> To: argus-info at lists.andrew.cmu.edu
> Subject: change in how -n works in ra
>
>
> I'm running the latest beta (argus-2.0.6.beta.1) and I noticed that the
> -n parameter for ra doesn't work as advertised any longer. From the ra
> man page:
>
> "-n Do not translate host and service numbers to names.
> -nn will suppress translation of protocol numbers, as well. "
>
> When I run ra with -n now this is what I see:
>
> # ra -n -r argus
> 14 Jun 02 08:13:01 man version=2.0 probeid=3848370891 STA
> 14 Jun 02 11:59:01 tcp 80.0.aa.bb.21056 -> 142.55.xx.yy.1214 EST
> 14 Jun 02 12:00:01 tcp 64.0.aa.bb.4256 -> 142.55.xx.yy.www RST
> 14 Jun 02 11:59:01 udp 66.163.aa.bb.1214 <-> 142.55.xx.yy.1214 CON
> 14 Jun 02 11:59:00 tcp 142.55.xx.yy.1054 -> 213.248.aa.bb.www FIN
> 14 Jun 02 11:59:00 icmp 142.55.xx.yy <-> 206.248.aa.bb ECO
> 14 Jun 02 11:59:00 tcp 142.55.xx.yy.1061 -> 209.185.aa.bb.www FIN
>
> Only the hostnames are not translated; the service numbers are - blah!
> Using -nn nothing (hostnames, services or protocols) is translated as
> expected. The last version of argus still supported -n as described in
> the man page.
>
> Desmond.
>
> --
> Desmond Irvine Security Analyst, Information Technology
> Sheridan College Phone: 905-845-9430 x2035
> 1430 Trafalgar Road Fax: 905-815-4011
> Oakville, ON L6H 2L1 EMail: desmond.irvine at sheridanc.on.ca
>
>
>