Confirming Argus accuracy
Andrew Pollock
andrew-argus at andrew.net.au
Mon Oct 14 08:55:23 EDT 2002
On Mon, Oct 14, 2002 at 07:29:56AM -0400, Carter Bullard wrote:
> Hey Andrew,
> Yes, argus can read tcpdump formatted files, so
> you can validate the argus results by looking at the
> packets themselves and comparing with the argus output.
>
> If you do find any inconsistency, please don't hesitate
> to send some mail to the list. The best way to fix
> any bug that you may turn up is to make your packet
> capture files that demonstrate the bug available to
> the list. If that would be possible, that would be
> excellent!!!
I suspect the problem is my filter rule in the query I'm using. I might
ask some dumb pcap filter questions of the list tomorrow.
Andrew
More information about the argus
mailing list