tool to convert packet level pcap format to argus flow level data?
Peter Van Epp
vanepp at sfu.ca
Thu Jul 27 16:14:03 EDT 2006
On Thu, Jul 27, 2006 at 03:52:00PM -0400, George Nychis wrote:
> Hi,
>
> I was wondering if anyone has created any tools to convert packet level
> traces such as pcap format tcpdump data to argus flow level data?
>
> I'd greatly appreciate any help or suggestions.
>
> Thanks!
> George
Yep :-) argus -r file.tcp -w file.argus (for 2.0.6, substituting the
appropriate argus_bpf, argus_linux, etc.). The argus daemon is perfectly happy
with tcpdump file input. As I recall, on 2.0.6 there is a bug so that stdin
doesn't work, but there is a patch around to fix it as well.
Peter Van Epp / Operations and Technical Support
Simon Fraser University, Burnaby, B.C. Canada