Filtering Portrange
carter at qosient.com
carter at qosient.com
Wed Nov 1 06:21:54 EST 2006
Try something like:
ra -r file - dst port \( gt 1024 and lt 2048 \)
Most filter objects that compare numerics can handle 'lt', 'gt', 'eq' like descriptors.
Carter
Carter Bullard
QoSient LLC
150 E. 57th Street Suite 12D
New York, New York 10022
+1 212 588-9133 Phone
+1 212 588-9134 Fax
-----Original Message-----
From: "CS Lee" <geek00l at gmail.com>
Date: Wed, 1 Nov 2006 16:39:16
To:argus-info at lists.andrew.cmu.edu
Subject: [ARGUS] Filtering Portrange
Hey all,
Is it possible to perform flow filtering on certain port range which I think very useful when we need to analyse passive ftp flow in place. Tcpdump on bsd platform offers portrange filter and I can't find any similar in argus or anyone knows the trick that can share. Thanks.
--
Best Regards,
CS Lee<geekooL[at]gmail.com>
More information about the argus
mailing list