Omitting data with dir = <?>
Carter Bullard
carter at qosient.com
Mon Dec 3 09:25:59 EST 2007
Hey Wolfgang,
The ? is caused by not seeing the tcp syn or synack, so ...
-- (syn or synack) or not tcp
Should do the trick.
Carter
Carter Bullard
QoSient LLC
150 E. 57th Street Suite 12D
New York, New York 10022
+1 212 588-9133 Phone
+1 212 588-9134 Fax
-----Original Message-----
From: wob at swobspace.de (Wolfgang Barth)
Date: Fri, 30 Nov 2007 17:45:21
To:argus-info at lists.andrew.cmu.edu
Subject: [ARGUS] Omitting data with dir = <?>
Hi,
I want to omit records with unknown direction (dir = <?>). How can I filter
out such records with ra?
Wolfgang
--
<wob (at) swobspace de> * http://www.swobspace.de
More information about the argus
mailing list