Argus-info Digest, Vol 10, Issue 37
carter at qosient.com
carter at qosient.com
Wed Jun 21 19:46:11 EDT 2006
Looks good to me!! Argus is not just an IP flow monitor. You've some layer 2,3 and 4 flows.
Carter
Carter Bullard
QoSient LLC
150 E. 57th Street Suite 12D
New York, New York 10022
+1 212 588-9133 Phone
+1 212 588-9134 Fax
-----Original Message-----
From: "CS Lee" <geek00l at gmail.com>
Date: Thu, 22 Jun 2006 06:25:14
To:argus-info at lists.andrew.cmu.edu
Subject: Re: [ARGUS] Re: Argus-info Digest, Vol 10, Issue 37
Just try to run racluster on my argus file, however I get this result. Just out of curiosity the protocol field should be refer to the one in ip header which is one byte, or I maybe wrong -
racluster -nn -r /nsm/nsm- fcd.pcap.argus -m proto -s proto
88
41
17
6
1
24578
0
2054
racluster -r /nsm/nsm-fcd.pcap.argus -m proto -s proto
eigrp
ipv6
udp
tcp
icmp
decrc
llc
arp
--
Best Regards,
CS Lee<geek00L[at]gmail.com>
More information about the argus
mailing list