another newbie question

Peter Van Epp vanepp at sfu.ca
Tue Jan 20 12:44:53 EST 2004


On Tue, Jan 20, 2004 at 12:06:04PM -0500, Kevin C Miller wrote:
> It's just the BPF language that tcpdump and others use.
> 
> I would use 'not' instead of '!', e.g. "dst net 192.168.0.64 mask 
> 255.255.0.192 and not net 192.168.1.0 mask 255.255.0.0"
> 
> Also, 255.255.0.192 isn't a valid netmask. Do you mean 255.255.255.192 ?
> 
> -Kevin

	While not a valid netmask, argus will take it just fine. I use them
all the time to be selective about what subnets I want to select. In argus's
case it really is a selection mask rather than a conventional netmask. In 
this case it will select parts of any of the class Cs in 192.168 (I'm too 
lazy to figure out what 192 will work out to mask :-)). I expect the "not" for
"!" is the trick, I don't believe ! is valid (although I've never tried it).

Peter Van Epp / Operations and Technical Support 
Simon Fraser University, Burnaby, B.C. Canada
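
The selection-mask behaviour discussed in this message, worked through as an added example (not code from the thread or from argus). It assumes the usual BPF comparison `(addr & mask) == net`; the helper names and flow records are constructed for illustration, and how argus's own filter compiler treats the exclusion term is not checked here.

```python
import ipaddress

def ip(dotted):
    """Dotted quad to 32-bit integer."""
    return int(ipaddress.IPv4Address(dotted))

def net_match(addr, net, mask):
    """Assumed semantics of 'net <net> mask <mask>': (addr & mask) == net."""
    return (ip(addr) & ip(mask)) == ip(net)

def stray_bits(net, mask):
    """Bits set in net but cleared in mask; non-zero means no address can
    satisfy the comparison assumed above."""
    return ip(net) & ~ip(mask) & 0xFFFFFFFF

def octet_values(net_octet, mask_octet):
    """Every value of a single octet that one mask octet selects."""
    return [v for v in range(256) if v & mask_octet == net_octet]

def thread_filter(src, dst):
    """The filter quoted in the thread:
    dst net 192.168.0.64 mask 255.255.0.192
    and not net 192.168.1.0 mask 255.255.0.0
    A bare 'net' term is evaluated against source or destination."""
    wanted = net_match(dst, "192.168.0.64", "255.255.0.192")
    excluded = any(net_match(a, "192.168.1.0", "255.255.0.0") for a in (src, dst))
    return wanted and not excluded

# Constructed (src, dst) flow records; not taken from any capture.
FLOWS = [
    ("10.0.0.5", "192.168.0.70"),    # third octet 0, last octet in range
    ("10.0.0.5", "192.168.37.100"),  # third octet ignored by the mask
    ("10.0.0.5", "192.168.37.130"),  # last octet outside the selected quarter
    ("10.0.0.5", "192.168.1.65"),    # inside the network the filter tries to exclude
    ("10.0.0.5", "192.169.0.70"),    # second octet differs
]

if __name__ == "__main__":
    last = octet_values(64, 192)
    print("last octet selected:", last[0], "to", last[-1])
    print("third octet values selected:", len(octet_values(0, 0)))
    for src, dst in FLOWS:
        print(src, "->", dst, thread_filter(src, dst))
    print("stray bits in exclusion term:",
          hex(stray_bits("192.168.1.0", "255.255.0.0")))
```

Under the assumed comparison, the 192 in the last octet compares only the top two bits, and the exclusion term has a bit set that its mask ignores, so it cannot match any address.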



