mask command in ra?
Carter Bullard
carter at qosient.com
Sat Jun 22 11:42:27 EDT 2002
Hey David,
Actually, we have our own separate compiler, since the
ra* programs are filtering on argus record contents, not
packet contents.
This may be the better way of calling ra in this case:
ra -r /tmp/argus.out - net 192.168.0.0/24
The current 2.0.5 and 6.beta.x give this output with your
command:
ra -r /tmp/argus.out - host 192.248.0.0 mask 255.255.0.0
ra[29537]: Mask syntax for networks only
I'll make sure the new argus-clients man page has this
written up pretty well.
Carter
Carter Bullard
QoSient, LLC
300 E. 56th Street, Suite 18K
New York, New York 10022
carter at qosient.com
Phone +1 212 588-9133
Fax +1 212 588-9134
http://qosient.com
> -----Original Message-----
> From: owner-argus-info at lists.andrew.cmu.edu
> [mailto:owner-argus-info at lists.andrew.cmu.edu] On Behalf Of
> David Nolan
> Sent: Friday, June 21, 2002 10:44 PM
> To: Peter Van Epp; argus
> Subject: Re: mask command in ra?
>
>
>
>
> --On Friday, June 21, 2002 7:19 PM -0700 Peter Van Epp
> <vanepp at sfu.ca>
> wrote:
>
> > I don't see the mask command in the ra man page and
> when I tried it
> > the results were odd.
> >
> > ra -r argus.out -c -n host 0.0.0.254 mask 0.0.0.255
> >
>
> I believe you want "net X.X.X.X mask Y.Y.Y.Y". When all else
> fails, look
> at the tcpdump manpage, which has much more complete
> documentations of the
> options (which are actually implemented by libpcap, if I
> recall correctly)
>
> -David Nolan
> Network Software Developer
> Computing Services
> Carnegie Mellon University
>
>
More information about the argus
mailing list