Problem with tcpdump filters

Peter Van Epp vanepp at sfu.ca
Tue Dec 21 18:09:15 EST 2004 

	As I recall from a previous question (although a quick look at the code
at that time looked like it supported pipes during some circumstances but not
when I tried it tcpdump input) that you would need to run tcpdump to a file 
and then feed that to argus (that for sure will work in any case so is a good
fall back position :-)).

Peter Van Epp / Operations and Technical Support 
Simon Fraser University, Burnaby, B.C. Canada

On Tue, Dec 21, 2004 at 10:26:57AM -0800, Alaios wrote:
> Xm.. that's a real problem...
> Can u plz tell me how i can use the tcpdump and after
> the argus in order to calculate the jitter on the
> packets captured by the tcpdump? Should i use a pipe
> e.x tcpdump <parameters> | argus <parameters> or i
> must store everything to a file and read it
> afterwards?
> Thx
> 
> --- Peter Van Epp <vanepp at sfu.ca> wrote:
> 
> > 	Your problem likely is that argus doesn't support
> > the full tcpdump 
> > filter syntax, and I don't believe (although Carter
> > would be the expert) that
> > the ip[1] is supported. 
> > 
> > Peter Van Epp / Operations and Technical Support 
> > Simon Fraser University, Burnaby, B.C. Canada
> > 
> > 
> > On Tue, Dec 21, 2004 at 06:42:18AM -0800, Alaios
> > wrote:
> > > Hi... I face a problem with the argus and the
> > filter
> > > that i need to apply...
> > > The following command 
> > > tcpdump -i eth4 -vv ip[1]==0x28 with the filter
> > works
> > > fine..
> > > The problem is that i cannot apply it to argus...
> > > argus -d -M 0.01 -S 0.01 -i $1   -w my-AF1
> > ip[1]==0x28
> > > returns no packet...
> > > 
> > > I think that the problem is argus-oriented..
> > because
> > > the ra give me packets but ends with a no data
> > seen
> > > message
> > > 
> > > e.x
> > > ....
> > > skipped a bunch of lines
> > > 
> > > 
> > > 
> > > 04-12-21 16:41:04.496108        0.200060         
> > man 
> > > pkts       604  bytes       629368  drops     0 
> > flows
> > >    3         closed       0           CON
> > > 04-12-21 16:41:04.696168        0.200053         
> > man 
> > > pkts       714  bytes       743988  drops     0 
> > flows
> > >    3         closed       0           CON
> > > 
> > > No data seen.
> > > 
> > > Plz suggest me something as fast a u can
> > > 
> > > 
> > > __________________________________________________
> > > Do You Yahoo!?
> > > Tired of spam?  Yahoo! Mail has the best spam
> > protection around 
> > > http://mail.yahoo.com 
> > 
> 
> 
> 
> 		
> __________________________________ 
> Do you Yahoo!? 
> Yahoo! Mail - now with 250MB free storage. Learn more.
> http://info.mail.yahoo.com/mail_250

More information about the argus mailing list