tool to convert packet level pcap format to argus flow level data?
George Nychis
gnychis at cmu.edu
Tue Aug 8 09:39:37 EDT 2006
Thanks Peter,
I have argus flow data captured from others in this format:
StartTime LastTime T port D ort SrcPkt DstPkt SrcBytes DstBytes State
1104969276 1104969276 udp 0.2.132.134.54446 -> 97.153.58.99.21501 1 0 65 0 INT
I notice when I create the argus files with argus -r file.tcp -w
file.argus, its contents are unreadable to my human eye, and I'm sure
they are in some argus format. So I am wondering how I now convert this
argus file to human readable text in the format I have above?
Thanks!
George
Peter Van Epp wrote:
> On Thu, Jul 27, 2006 at 03:52:00PM -0400, George Nychis wrote:
>> Hi,
>>
>> I was wondering if anyone has created any tools to convert packet level
>> traces such as pcap format tcpdump data to argus flow level data?
>>
>> I'd greatly appreciate any help or suggestions.
>>
>> Thanks!
>> George
>
> Yep :-) argus -r file.tcp -w file.argus (for 2.0.6 substituting the
> appropriate argus_bpf, argus_linux etc.). The argus daemon is perfectly happy
> with tcpdump file input. As I recall on 2.0.6 there is a bug so that stdin
> doesn't work but there is a patch around to fix it as well.
>
> Peter Van Epp / Operations and Technical Support
> Simon Fraser University, Burnaby, B.C. Canada
>
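As an added example (not code from this thread or from the argus project), a small Python parser for the text-form argus flow record quoted in the message above; the eleven-column layout, the field names, and the convention that the port is appended to the address as a fifth dotted component are my assumptions read off that one sample line.

```python
# Added example: parse text-form argus flow records such as the one quoted
# in the thread into structured fields. Layout assumed from the sample:
#   StartTime LastTime Proto SrcAddr.Sport Dir DstAddr.Dport
#   SrcPkt DstPkt SrcBytes DstBytes State
from dataclasses import dataclass
from typing import List, Tuple

# Constructed input: the record quoted in the message, preceded by a header
# line like the one the poster showed, to demonstrate header skipping.
SAMPLE = (
    "StartTime LastTime Type Dport SrcPkt DstPkt SrcBytes DstBytes State\n"
    "1104969276 1104969276 udp 0.2.132.134.54446 -> 97.153.58.99.21501 1 0 65 0 INT\n"
)

@dataclass
class Flow:
    start: int
    last: int
    proto: str
    src_addr: str
    src_port: int
    direction: str
    dst_addr: str
    dst_port: int
    src_pkts: int
    dst_pkts: int
    src_bytes: int
    dst_bytes: int
    state: str

    def unanswered(self) -> bool:
        """True when the destination never sent a packet back (one-sided flow)."""
        return self.dst_pkts == 0

def split_addr_port(token: str) -> Tuple[str, int]:
    """Split 'a.b.c.d.port' on the last dot; the port is the fifth component."""
    addr, _, port = token.rpartition(".")
    if addr.count(".") != 3 or not port.isdigit():
        raise ValueError(f"not an IPv4 addr.port token: {token!r}")
    return addr, int(port)

def parse_flow_line(line: str) -> Flow:
    f = line.split()
    if len(f) != 11:
        raise ValueError(f"expected 11 fields, got {len(f)}: {line!r}")
    sa, sp = split_addr_port(f[3])
    da, dp = split_addr_port(f[5])
    return Flow(int(f[0]), int(f[1]), f[2], sa, sp, f[4], da, dp,
                int(f[6]), int(f[7]), int(f[8]), int(f[9]), f[10])

def parse_flows(text: str) -> List[Flow]:
    """Parse every non-empty record line, skipping a leading header line."""
    return [parse_flow_line(l) for l in text.splitlines()
            if l.strip() and not l.startswith("StartTime")]
```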