Problem with tcpdump filters
Alaios
alaios at yahoo.com
Wed Dec 22 08:54:58 EST 2004
OK... Can someone tell me if the pipe works?
Apart from the first question, how must I execute tcpdump, and what parameters are required for argus?
--- Peter Van Epp <vanepp at sfu.ca> wrote:
> As I recall from a previous question (although a quick look at the code at
> that time looked like it supported pipes during some circumstances, but not
> when I tried it with tcpdump input), you would need to run tcpdump to a file
> and then feed that to argus (that for sure will work in any case, so it is a
> good fallback position :-)).
>
> Peter Van Epp / Operations and Technical Support
> Simon Fraser University, Burnaby, B.C. Canada
>
> On Tue, Dec 21, 2004 at 10:26:57AM -0800, Alaios wrote:
> > Hmm... that's a real problem...
> > Can you please tell me how I can use tcpdump and afterwards argus in order
> > to calculate the jitter on the packets captured by tcpdump? Should I use a
> > pipe, e.g. tcpdump <parameters> | argus <parameters>, or must I store
> > everything to a file and read it afterwards?
> > Thanks
> >
> > --- Peter Van Epp <vanepp at sfu.ca> wrote:
> >
> > > Your problem likely is that argus doesn't support the full tcpdump
> > > filter syntax, and I don't believe (although Carter would be the expert)
> > > that the ip[1] is supported.
> > >
> > > Peter Van Epp / Operations and Technical Support
> > > Simon Fraser University, Burnaby, B.C. Canada
> > >
> > >
> > > On Tue, Dec 21, 2004 at 06:42:18AM -0800, Alaios wrote:
> > > > Hi... I face a problem with argus and the filter that I need to apply...
> > > > The following command with the filter works fine:
> > > > tcpdump -i eth4 -vv ip[1]==0x28
> > > > The problem is that I cannot apply it to argus...
> > > > argus -d -M 0.01 -S 0.01 -i $1 -w my-AF1 ip[1]==0x28
> > > > returns no packet...
> > > >
> > > > I think that the problem is argus-oriented, because ra gives me
> > > > packets but ends with a "No data seen" message,
> > > >
> > > > e.g.
> > > > ....
> > > > skipped a bunch of lines
> > > >
> > > > 04-12-21 16:41:04.496108 0.200060 man pkts 604 bytes 629368 drops 0 flows 3 closed 0 CON
> > > > 04-12-21 16:41:04.696168 0.200053 man pkts 714 bytes 743988 drops 0 flows 3 closed 0 CON
> > > >
> > > > No data seen.
> > > >
> > > > Please suggest something as fast as you can
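An added example (not from the thread or the argus project) for the file-based fallback discussed above: it applies the equivalent of `ip[1]==0x28` to a saved capture in classic pcap format and computes inter-arrival jitter for the matching packets. The sample capture is constructed inline, and the jitter definition used (mean absolute difference between consecutive inter-arrival gaps) is an assumption of this example, not argus's own metric.

```python
import struct

TOS_AF11 = 0x28  # value from the thread's filter: DSCP 10 (AF11) << 2, ECN bits 0

def read_pcap(data):
    """Yield (timestamp_in_microseconds, frame_bytes) from a little-endian pcap."""
    magic, _, _, _, _, _, linktype = struct.unpack_from("<IHHiIII", data, 0)
    if magic != 0xA1B2C3D4 or linktype != 1:
        raise ValueError("expected little-endian pcap with Ethernet link type")
    off = 24
    while off + 16 <= len(data):
        sec, usec, caplen, _ = struct.unpack_from("<IIII", data, off)
        off += 16
        yield sec * 1_000_000 + usec, data[off:off + caplen]
        off += caplen

def match_tos(frame, tos=TOS_AF11):
    """Equivalent of the tcpdump expression ip[1]==0x28 on an Ethernet frame."""
    if len(frame) < 16 or frame[12:14] != b"\x08\x00":  # too short or not IPv4
        return False
    return frame[14 + 1] == tos  # ip[1] is the second byte of the IP header (TOS)

def jitter(times):
    """Mean absolute difference between consecutive inter-arrival gaps."""
    gaps = [b - a for a, b in zip(times, times[1:])]
    diffs = [abs(b - a) for a, b in zip(gaps, gaps[1:])]
    return sum(diffs) / len(diffs) if diffs else 0.0

def filtered_jitter(data, tos=TOS_AF11):
    """Return (matching packet count, jitter in microseconds)."""
    times = [ts for ts, frame in read_pcap(data) if match_tos(frame, tos)]
    return len(times), jitter(times)

def build_sample():
    """Constructed capture: four TOS 0x28 packets plus two with other TOS values."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    pkts = [(0, 0x28), (5000, 0x00), (10000, 0x28), (22000, 0x28), (25000, 0xB8), (30000, 0x28)]
    for usec, tos in pkts:
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, tos, 20, 0, 0, 64, 17, 0,
                         bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
        frame = b"\x00" * 12 + b"\x08\x00" + ip  # zeroed MACs, EtherType IPv4
        out += struct.pack("<IIII", 1103640064, usec, len(frame), len(frame)) + frame
    return out

if __name__ == "__main__":
    count, j = filtered_jitter(build_sample())
    print(f"{count} packets matched ip[1]==0x28, jitter {j / 1000:.3f} ms")
```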