Filtering Portrange
CS Lee
geek00l at gmail.com
Wed Nov 1 07:52:32 EST 2006
Carter,
I were using the similar filter but messing out the grouping, it works now.
Thanks a lot.
On 11/1/06, carter at qosient.com <carter at qosient.com> wrote:
>
> Try something like:
> ra -r file - dst port \( gt 1024 and lt 2048 \)
>
> Most filter objects that compare numerics can handle 'lt', 'gt', 'eq' like
> descriptors.
>
> Carter
>
> Carter Bullard
> QoSient LLC
> 150 E. 57th Street Suite 12D
> New York, New York 10022
> +1 212 588-9133 Phone
> +1 212 588-9134 Fax
>
> -----Original Message-----
> From: "CS Lee" <geek00l at gmail.com>
> Date: Wed, 1 Nov 2006 16:39:16
> To:argus-info at lists.andrew.cmu.edu
> Subject: [ARGUS] Filtering Portrange
>
> Hey all,
>
> Is it possible to perform flow filtering on certain port range which I
> think very useful when we need to analyse passive ftp flow in place. Tcpdump
> on bsd platform offers portrange filter and I can't find any similar in
> argus or anyone knows the trick that can share. Thanks.
>
> --
> Best Regards,
>
> CS Lee<geekooL[at]gmail.com>
>
--
Best Regards,
CS Lee<geekooL[at]gmail.com>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://pairlist1.pair.net/pipermail/argus/attachments/20061101/0950c432/attachment.html>
More information about the argus
mailing list