FW: [ARGUS] Get active connections
Richard Bejtlich
taosecurity at gmail.com
Mon Jun 28 16:44:12 EDT 2004
On Mon, 28 Jun 2004 11:53:28 -0400, Carter Bullard <carter at qosient.com> wrote:
>
> Andrew is right, ratop() is the example program to try on this
> point. Do this:
>
> ratop -S probe:port - tcp
Argus continues to amaze. I should pay more attention to the
functions bundled in the tarball!

I was wondering about the output I see. I'm reading in an argus file
being saved to disk. Why is the time and date information so weird?

ratop -n -r /nsm/argus/argus.arg

Source 229.97.122.203 Version 2.0 31/12/1969 07:00P up -12597 days, -20:-40:-17 Far 60 secs Mar 300 secs

Incidentally, the 229... doesn't match anything I have.

I'm running this on FreeBSD:

uname -a
FreeBSD sensor 5.2.1-RELEASE-p8 FreeBSD 5.2.1-RELEASE-p8 #0: Fri Jun 4 15:08:25 EDT 2004 root at drury:/usr/obj/usr/src/sys/sensor i386

Argus is using the latest 2.0.6 fixes distro.

Any ideas?

Thank you,
Richard
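An added illustration of the banner values above (editor's example, not code from the thread or from Argus): assuming the sensor clock is US Eastern (UTC-5), a Unix timestamp of zero renders as exactly "31/12/1969 07:00P", and a day count of -12597 is what falls out when a real timestamp from 28 Jun 2004 is subtracted from zero. The reference timestamp below is constructed from the message date, not taken from the file.

```python
from datetime import datetime, timedelta, timezone

# Assumption: the sensor reports local time in US Eastern, UTC-5 in winter.
EASTERN_WINTER = timezone(timedelta(hours=-5))

# Constructed reference point: 28 Jun 2004 20:40:17 UTC, i.e. around when
# the message above was written. Not a value read from argus.arg.
BANNER_REFERENCE_TS = datetime(2004, 6, 28, 20, 40, 17, tzinfo=timezone.utc).timestamp()


def render_argus_time(ts: float, tz: timezone = EASTERN_WINTER) -> str:
    """Render a Unix timestamp in the DD/MM/YYYY HH:MM[A|P] style of the banner."""
    dt = datetime.fromtimestamp(ts, tz)
    return dt.strftime("%d/%m/%Y %I:%M") + ("P" if dt.hour >= 12 else "A")


def uptime_days(now_ts: float, started_ts: float) -> int:
    """Whole days between a start time and a reference 'now' (truncated toward zero)."""
    return int((now_ts - started_ts) / 86400)


def is_epoch_zero(ts: float) -> bool:
    """True when a timestamp is the unset/zero value rather than a real clock reading."""
    return ts == 0


if __name__ == "__main__":
    # A zero timestamp prints as the last day of 1969 in the evening, Eastern time.
    print(render_argus_time(0))                        # 31/12/1969 07:00P
    # Subtracting a mid-2004 timestamp from a zero reference gives the negative day count.
    print(uptime_days(0, BANNER_REFERENCE_TS))         # -12597
    print(is_epoch_zero(0), is_epoch_zero(BANNER_REFERENCE_TS))
```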