strange packet patterns confusing argus
Russell Fulton
r.fulton at auckland.ac.nz
Mon Mar 14 16:42:58 EST 2005
On Mon, 2005-03-14 at 16:06 -0600, Nick Giordano wrote:
> I don't really expect Argus to be able to understand what's happening but
> is there a filter expression that can help me find these types of
> attempts? I don't think I can say ra -nnn -r * - tcp and src syn and
> src rst and ! dst synack.
>
> Is there any way to find flows with a syn and reset from the source but
> no synack from the destination? Or for that matter, any way at all to
> assign src or dst to the flag primitives?
I tend to do this sort of stuff the simple-minded way by post-processing
the -Zb output through Perl.
Hmm... what does ragator do with these two sessions?
Russell
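
Added example, not part of the original message or of the Argus code: a sketch of the post-processing approach described above, written in Python rather than Perl. It assumes the state column printed by `ra -Zb` has the form `<src flags>_<dst flags>` (for example `SR_` or `SPA_SPA`); the function names and sample lines are constructed for illustration.

```python
import re
import sys

# Assumption: `ra -Zb` prints TCP state as "<src flags>_<dst flags>",
# e.g. "SR_" (SYN and RST from source, nothing from destination).
STATE = re.compile(r"^([A-Za-z]*)_([A-Za-z]*)$")


def split_state(line):
    """Return (src_flags, dst_flags) from the last state-like token, or None."""
    for token in reversed(line.split()):
        m = STATE.match(token)
        if m:
            return m.group(1), m.group(2)
    return None


def syn_rst_without_synack(lines):
    """Select flows where the source sent SYN and RST and the destination
    never answered with SYN+ACK."""
    hits = []
    for line in lines:
        state = split_state(line)
        if state is None:          # non-TCP record or header line
            continue
        src, dst = state
        src_syn_rst = "S" in src and "R" in src
        dst_synack = "S" in dst and "A" in dst
        if src_syn_rst and not dst_synack:
            hits.append(line.rstrip("\n"))
    return hits


# Constructed sample records (documentation addresses, not real traffic).
SAMPLE = [
    "14 Mar 05 16:00:01 tcp 10.0.0.5.1025 -> 192.0.2.10.80 SR_",
    "14 Mar 05 16:00:02 tcp 10.0.0.5.1026 -> 192.0.2.10.80 SR_A",
    "14 Mar 05 16:00:03 tcp 10.0.0.6.1027 -> 192.0.2.10.80 SPA_SPA",
    "14 Mar 05 16:00:04 tcp 10.0.0.7.1028 -> 192.0.2.10.80 SRA_SA",
    "14 Mar 05 16:00:05 tcp 10.0.0.8.1029 -> 192.0.2.10.80 S_RA",
    "14 Mar 05 16:00:06 udp 10.0.0.9.53 -> 192.0.2.10.53 INT",
]

if __name__ == "__main__":
    # Pipe ra output in on stdin, or run with no input to see the sample.
    source = SAMPLE if sys.stdin.isatty() else sys.stdin
    for hit in syn_rst_without_synack(source):
        print(hit)
```
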