MAC addresses and ra timestamps
poncenby smythe
smythe at poncenby.plus.com
Tue Oct 17 15:05:22 EDT 2006
list,

I have a pcap file in which I can clearly see MAC addresses for each
endpoint.

I run this command:

argus -r dump.pcap -w dump.data

then run this command to see the normal ra output but with MAC
addresses also:

./ra -r argus.data -s +smac +dmac

No MAC fields are appended to the output. I've tried it printing just
the smac and dmac pair and nothing is printed at all.

A separate issue....
Could someone tell me how to manipulate the stime and ltime fields,
so I can get the date as well as the time?
I've read the man pages, honest!

Many thanks in advance

On 17 Oct 2006, at 06:58, CS Lee wrote:
> Hey all,
>
> I would like to use racount to generate the general overall
> statistic based on protocol, while in man page it says that racount
> -M proto will do the job, however for me it just doesn't work and
> it apparently sum up all the protocols and show the result of
> everything. Then I try to use the common method - filter expression,
>
> racount -r data.argus - tcp
> racount -r data.argus - icmp
> racount -r data.argus - udp
>
> It shows correctly which is what I want, I try to check on racount -h
> and apparently it doesn't show anything about -M either, thus I'm
> wondering any modes are supported by racount because it may confuse
> people who use it for the first time or do we need an update for
> the man page :)
>
> Cheers all :)
>
> --
> Best Regards,
>
> CS Lee<geekooL[at]gmail.com>