Examine the correctness of filter

Mon Dec 11 12:38:23 EST 2006

Hey CS,
Sorry I didn't respond.
The Argus record is defined in ./include/argus_out.h and ./include/ 
argus_def.h.
Carter

On Dec 3, 2006, at 8:17 PM, CS Lee wrote:

> Hey people,
>
> While reading ra -b output, I come across this -
>
> ra -b - tcp
> (000) ldb      [142]
> (001) and      #31
> (002) jeq      #0x1             jt 3    jf 5
> (003) ldb      [152]
> (004) jeq      #0x6             jt 8    jf 9
> (005) jeq      #0x2             jt 6    jf 9
> (006) ldb      [179]
> (007) jeq      #0x6             jt 8    jf 9
> (008) ret      #96
> (009) ret      #0
>
> While this seems not so complicated, however is there any reference  
> of argus data format that I can refer such as the one shown in  
> tcpdump -d which the correctness of filter can be confirmed by  
> looking at the packet headers.
>
> Thanks.
>
> -- 
> Best Regards,
>
> CS Lee<geekooL[at]gmail.com>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://pairlist1.pair.net/pipermail/argus/attachments/20061211/e4fa498b/attachment.html>