racount fix for FreeBSD
Carter Bullard
carter at qosient.com
Wed Jun 21 09:18:23 EDT 2006
Hey Richard,
Documentation is the bane of my existence. It's like you have
to account for what you've done, and I always see what isn't
finished, rather that what was completed. But, with the help
of all, hopefully it will get done.
You had asked about 64-bit machines and argus-3.0 earlier
in the year, and argus-3.0 is suppose to be 64 all things, so if
you still have an interest, could you test argus on some of your
amd hardware?
I suspect that in order to really test this stuff we'll need
a canonical packet capture file as a data source. Are there
any big packet capture files out there in the big bad world?
I found some trace archives in Japan that at least have
tcpdump() data that we can use.
Does anyone have a favorite source of data that we can
use as a test set?
Carter
On Jun 20, 2006, at 8:51 AM, Richard Bejtlich wrote:
>
> Hi Carter,
>
> Whatever you decide, documentation is much appreciated. I am sure I
> make life much harder for myself because I overlook many of Argus'
> cool yet obscure features.
>
> I am really excited to see Argus 3.0 on the way! This is sort of like
> Christmas for those of us who rely on session data.
>
> Sincerely,
>
> Richard
>
More information about the argus
mailing list