Sub-IP Encapsulation
carter at qosient.com
Mon Apr 30 07:03:02 EDT 2007
Hey CS Lee,
Yes, we should be able to handle the pflog packets. They aren't a new sub-IP protocol, they are a device type.
I'll put in print fields 'senc' and 'denc' to print them all. We already support filtering using the "[src | dst] encaps enctype" filter spec.
Carter
Carter Bullard
QoSient LLC
150 E. 57th Street Suite 12D
New York, New York 10022
+1 212 588-9133 Phone
+1 212 588-9134 Fax
-----Original Message-----
From: "CS Lee" <geek00l at gmail.com>
Date: Mon, 30 Apr 2007 17:24:36
To: Argus <argus-info at lists.andrew.cmu.edu>
Subject: [ARGUS] Sub-IP Encapsulation
Carter,
Regarding the Sub-IP Encapsulation, I'm curious whether it supports packets that are logged using the OpenBSD pflog interface yet. I will spend some time testing it, and I hope it can be parsed by argus.
Another thing is, as you have used -z for the connection state changes, maybe you could also do the same with the sub-IP encapsulation: if there are multiple encapsulations, just record and show all of them, starting from left to right, I mean if you want to have all the information.
Just my thinking.
Thanks.
--
Best Regards,
CS Lee <geekooL[at]gmail.com>