Problem with tcpdump filters

Tue Dec 21 13:26:57 EST 2004

Xm.. that's a real problem...
Can u plz tell me how i can use the tcpdump and after
the argus in order to calculate the jitter on the
packets captured by the tcpdump? Should i use a pipe
e.x tcpdump <parameters> | argus <parameters> or i
must store everything to a file and read it
afterwards?
Thx

--- Peter Van Epp <vanepp at sfu.ca> wrote:

> 	Your problem likely is that argus doesn't support
> the full tcpdump 
> filter syntax, and I don't believe (although Carter
> would be the expert) that
> the ip[1] is supported. 
> 
> Peter Van Epp / Operations and Technical Support 
> Simon Fraser University, Burnaby, B.C. Canada
> 
> 
> On Tue, Dec 21, 2004 at 06:42:18AM -0800, Alaios
> wrote:
> > Hi... I face a problem with the argus and the
> filter
> > that i need to apply...
> > The following command 
> > tcpdump -i eth4 -vv ip[1]==0x28 with the filter
> works
> > fine..
> > The problem is that i cannot apply it to argus...
> > argus -d -M 0.01 -S 0.01 -i $1   -w my-AF1
> ip[1]==0x28
> > returns no packet...
> > 
> > I think that the problem is argus-oriented..
> because
> > the ra give me packets but ends with a no data
> seen
> > message
> > 
> > e.x
> > ....
> > skipped a bunch of lines
> > 
> > 
> > 
> > 04-12-21 16:41:04.496108        0.200060         
> man 
> > pkts       604  bytes       629368  drops     0 
> flows
> >    3         closed       0           CON
> > 04-12-21 16:41:04.696168        0.200053         
> man 
> > pkts       714  bytes       743988  drops     0 
> flows
> >    3         closed       0           CON
> > 
> > No data seen.
> > 
> > Plz suggest me something as fast a u can
> > 
> > 
> > __________________________________________________
> > Do You Yahoo!?
> > Tired of spam?  Yahoo! Mail has the best spam
> protection around 
> > http://mail.yahoo.com 
> 

__________________________________ 
Do you Yahoo!? 
Yahoo! Mail - now with 250MB free storage. Learn more.
http://info.mail.yahoo.com/mail_250