[ARGUS] ra question (on FreeBSD/Sparc64)
Gill, James
james.gill at mci.com
Mon Dec 6 18:27:39 EST 2004
So ... here's some data in my argus.out file:
[box] /usr/local/argus> ra -nn -r argus.out - | tail -5
23 Oct 04 19:07:00 udp 200.42.108.205.3486 -> 2.4.5.111.1434 1
23 Oct 04 19:07:43 s tcp 66.77.61.80.2556 -> 2.4.5.14.3001 2
23 Oct 04 19:07:53 s tcp 66.77.61.80.2556 -> 2.4.5.14.3001 1
23 Oct 04 19:08:08 udp 209.79.46.76.3081 -> 2.4.5.223.1434 1
Now if I want to look for just stuff to, say, port 3001:
[box] /usr/local/argus> ra -nn -r argus.out - port 3001
...what? no data? I know I have flows with dst port 3001! Why is this happening?
It seems that whatever I do, my "filter expression" causes ra to produce no
output. This works fine on my very similar i386 box, why not on the sparc?
I'm running this version, built from FreeBSD ports:
[box] /usr/local/argus> argus -v
Argus Version 2.0.6.fixes.1
Here's an important point of information:
[box] /usr/local/argus> uname -a
FreeBSD drain.donkeytech.net 5.3-BETA7 FreeBSD 5.3-BETA7 #0: Sat Oct 9 12:41:54 UTC 2004 jamgill at drain:/usr/obj/usr/src/sys/GENERIC sparc64
I'm pretty crunched for time until after the new year, but if anyone has
suggestions about what might be causing this and what to do to test, I'm all
ears.
Thanks,
--gill
-----------------------------------------------------
MCI/UUNET Network Security & Abuse * 1-800-900-0241,4
-----------------------------------------------------
v-net: desk = 806-3834 ; group = 806-8805
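One cross-check a practitioner would want before chasing a platform bug: post-filter the *unfiltered* ra output by destination port, independent of ra's own filter expression. If this prints the port-3001 records while "ra -nn -r argus.out - port 3001" prints nothing, the data is demonstrably in the file and it is the filter path that is failing. This is an added example, not code from the original post or from the Argus project; it assumes only the default ra 2.x text layout shown above (date, time, optional state flag, proto, src.addr.port, "->", dst.addr.port, count), and the sample records are the ones quoted in the message.

```shell
#!/bin/sh
# Added example (not from the original post): cross-check ra's filter by
# post-filtering unfiltered ra output with awk, keyed on destination port.

# Constructed sample: the five records quoted in the post.
SAMPLE='23 Oct 04 19:07:00 udp 200.42.108.205.3486 -> 2.4.5.111.1434 1
23 Oct 04 19:07:43 s tcp 66.77.61.80.2556 -> 2.4.5.14.3001 2
23 Oct 04 19:07:53 s tcp 66.77.61.80.2556 -> 2.4.5.14.3001 1
23 Oct 04 19:08:08 udp 209.79.46.76.3081 -> 2.4.5.223.1434 1'

# dst_port_filter PORT : print records on stdin whose destination port is PORT.
# The "->" token anchors the destination field, so the optional state-flag
# column ("s") does not shift the parse. The port is the last dot-separated
# component of the destination token (addr.port), so an IPv4 address with
# four dotted octets is handled without counting fields.
dst_port_filter() {
    awk -v want="$1" '
    {
        for (i = 1; i < NF; i++) {
            if ($i == "->") {
                dst = $(i + 1)
                n = split(dst, parts, "[.]")   # "[.]" is a literal dot in every awk
                if (parts[n] == want) print
                break
            }
        }
    }'
}

# count_dst_port PORT : number of records on stdin matching PORT.
count_dst_port() {
    dst_port_filter "$1" | wc -l | tr -d ' '
}

# Against the real file this would be:
#   ra -nn -r argus.out - | dst_port_filter 3001
# Here it runs over the constructed sample and prints the two port-3001 flows.
printf '%s\n' "$SAMPLE" | dst_port_filter 3001
```

Because the filter is applied to ra's printed records rather than to the binary argus.out data, it sidesteps whatever ra's filter compiler is doing on sparc64; a mismatch between the two results localises the problem to the filter expression rather than to the captured flows.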