Problem with tcpdump filters

Tue Dec 21 12:05:29 EST 2004

	Your problem likely is that argus doesn't support the full tcpdump 
filter syntax, and I don't believe (although Carter would be the expert) that
the ip[1] is supported. 

Peter Van Epp / Operations and Technical Support 
Simon Fraser University, Burnaby, B.C. Canada

On Tue, Dec 21, 2004 at 06:42:18AM -0800, Alaios wrote:
> Hi... I face a problem with the argus and the filter
> that i need to apply...
> The following command 
> tcpdump -i eth4 -vv ip[1]==0x28 with the filter works
> fine..
> The problem is that i cannot apply it to argus...
> argus -d -M 0.01 -S 0.01 -i $1   -w my-AF1 ip[1]==0x28
> returns no packet...
> 
> I think that the problem is argus-oriented.. because
> the ra give me packets but ends with a no data seen
> message
> 
> e.x
> ....
> skipped a bunch of lines
> 
> 
> 
> 04-12-21 16:41:04.496108        0.200060          man 
> pkts       604  bytes       629368  drops     0  flows
>    3         closed       0           CON
> 04-12-21 16:41:04.696168        0.200053          man 
> pkts       714  bytes       743988  drops     0  flows
>    3         closed       0           CON
> 
> No data seen.
> 
> Plz suggest me something as fast a u can
> 
> 
> __________________________________________________
> Do You Yahoo!?
> Tired of spam?  Yahoo! Mail has the best spam protection around 
> http://mail.yahoo.com 