Problem with tcpdump filters

Alaios alaios at yahoo.com
Wed Dec 22 08:54:58 EST 2004


OK... Can someone tell me whether the pipe works?
Apart from the first question, how must I execute
tcpdump, and what parameters are required for
argus?

--- Peter Van Epp <vanepp at sfu.ca> wrote:

> 	As I recall from a previous question (although a quick look at the code
> at that time looked like it supported pipes during some circumstances but not
> when I tried it tcpdump input) that you would need to run tcpdump to a file
> and then feed that to argus (that for sure will work in any case so is a good
> fall back position :-)).
> 
> Peter Van Epp / Operations and Technical Support 
> Simon Fraser University, Burnaby, B.C. Canada
> 
> On Tue, Dec 21, 2004 at 10:26:57AM -0800, Alaios wrote:
> > Hmm.. that's a real problem...
> > Can you please tell me how I can use tcpdump and then argus in order
> > to calculate the jitter on the packets captured by tcpdump? Should I
> > use a pipe, e.g. tcpdump <parameters> | argus <parameters>, or must I
> > store everything to a file and read it afterwards?
> > Thanks
> > 
> > --- Peter Van Epp <vanepp at sfu.ca> wrote:
> > 
> > > 	Your problem likely is that argus doesn't support the full tcpdump
> > > filter syntax, and I don't believe (although Carter would be the expert)
> > > that the ip[1] is supported.
> > > 
> > > Peter Van Epp / Operations and Technical Support
> > > Simon Fraser University, Burnaby, B.C. Canada
> > > 
> > > 
> > > On Tue, Dec 21, 2004 at 06:42:18AM -0800, Alaios wrote:
> > > > Hi... I face a problem with argus and the filter that I need to
> > > > apply...
> > > > The following command
> > > > tcpdump -i eth4 -vv ip[1]==0x28 with the filter works fine..
> > > > The problem is that I cannot apply it to argus...
> > > > argus -d -M 0.01 -S 0.01 -i $1   -w my-AF1 ip[1]==0x28
> > > > returns no packets...
> > > > 
> > > > I think that the problem is argus-oriented.. because ra gives me
> > > > packets but ends with a "No data seen" message
> > > > 
> > > > e.g.
> > > > ....
> > > > skipped a bunch of lines
> > > > 
> > > > 04-12-21 16:41:04.496108        0.200060        man pkts       604  bytes       629368  drops    0 flows    3         closed       0           CON
> > > > 04-12-21 16:41:04.696168        0.200053        man pkts       714  bytes       743988  drops    0 flows    3         closed       0           CON
> > > > 
> > > > No data seen.
> > > > 
> > > > Please suggest something as fast as you can
> 
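Added example, not part of the original messages and not code from the argus or tcpdump projects: it shows what the `ip[1]==0x28` filter from the thread selects (byte 1 of the IPv4 header, the TOS/DS field) and computes a jitter figure for the matching packets of a saved capture. Assumptions: a little-endian classic pcap with Ethernet link type, jitter taken as the mean absolute deviation of inter-arrival gaps, and hypothetical helper names (`build_pcap`, `matching_times`, `jitter`) with a constructed sample capture.

```python
import struct

ETH_LEN = 14  # Ethernet II header length (assumed link type)

def build_pcap(packets):
    """Constructed sample: (timestamp_seconds, tos) pairs -> classic pcap bytes."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # linktype 1 = Ethernet
    for ts, tos in packets:
        eth = b"\x00" * 12 + b"\x08\x00"  # zeroed MACs, EtherType IPv4
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, tos, 20, 0, 0, 64, 17, 0,
                         bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
        frame = eth + ip
        sec, usec = int(ts), round((ts - int(ts)) * 1_000_000)
        out += struct.pack("<IIII", sec, usec, len(frame), len(frame)) + frame
    return out

def matching_times(pcap, offset=1, value=0x28):
    """Timestamps of IPv4 packets where ip[offset] == value (the thread's filter)."""
    magic = struct.unpack_from("<I", pcap, 0)[0]
    if magic != 0xA1B2C3D4:
        raise ValueError("only little-endian microsecond pcap handled here")
    times, pos = [], 24  # records start after the 24-byte global header
    while pos + 16 <= len(pcap):
        sec, usec, caplen, _ = struct.unpack_from("<IIII", pcap, pos)
        frame = pcap[pos + 16: pos + 16 + caplen]
        pos += 16 + caplen
        if len(frame) < ETH_LEN + offset + 1 or frame[12:14] != b"\x08\x00":
            continue  # truncated frame or not IPv4
        if frame[ETH_LEN + offset] == value:
            times.append(sec + usec / 1e6)
    return times

def jitter(times):
    """Mean absolute deviation of inter-arrival gaps, in seconds (assumed definition)."""
    gaps = [b - a for a, b in zip(times, times[1:])]
    if not gaps:
        return 0.0
    mean = sum(gaps) / len(gaps)
    return sum(abs(g - mean) for g in gaps) / len(gaps)

# Constructed capture: four packets with TOS 0x28 (DSCP AF11 = 10 << 2), two with TOS 0.
SAMPLE = build_pcap([(1.000, 0x28), (1.005, 0x00), (1.020, 0x28),
                     (1.030, 0x00), (1.050, 0x28), (1.060, 0x28)])

if __name__ == "__main__":
    t = matching_times(SAMPLE)
    print(len(t), "matching packets, jitter %.6f s" % jitter(t))
```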

