packet data capture in argus-clients.b37
David Ressman
davidr at portnoy.uchicago.edu
Thu Jan 2 16:27:30 EST 2003
Hi all,
I've been playing around with the argus-tools beta 37 package, and
everything appears to work well, except for one thing. For some reason,
it seems to be ignoring the user data capture fields when I ask it
to print them out with the "-d" option.
We make extensive use of this option in our production environment (an
argus-2.0.6b5 server feeding to an argus-2.0.6b1 client).
I installed the argus-clients package because there was lots of nifty
stuff in it that I wanted to try out, but when I tried to use the b37
ra client to read out an argus file written with the 2.0.6b1 client
(captured by the 2.0.6b5 server) with "ra -nr /some/argus.file -d 64",
I got all of the flow data, but the user data stuff just wasn't in the
output.
I tried using the b37 ra client to capture flow data from the 2.0.6b5
server, and that worked fine, but I still couldn't access any of the
user data. I know that the user data was definitely in the files
because I could read it with the 2.0.6b1 client. I just can't get
the b37 client to see the data.
Does anyone have any ideas as to what's happening?
Thanks,
David
--
David Ressman davidr at uchicago.edu
Network Security Center, The University of Chicago
PGP: http://security.uchicago.edu/centerinfo/pgpkeys.shtml