ra appbytes

CS Lee geek00l at gmail.com
Fri May 4 09:08:08 EDT 2007


Carter,

I know argus is in a code freeze state, but I would like to see this in the
argus client tools. I have recently been doing something on anomalous ICMP
flows. For example, the ICMP echo flow appbytes for Windows is 40 bytes, and
for Unix-based systems it is 64 bytes, hence I'm trying to look for all the
ICMP flows with appbytes greater than 64 bytes (for both src and dst).
However, I can only parse src bytes gte certain bytes but am unable to do it
using appbytes (this is more accurate in case IP options are introduced).

I'm currently using awk for this purpose, even to compare the value between
two fields (src appbytes and dst appbytes (a normal ICMP echo flow should have
the same length for both request and reply)) and so forth. So I'm just asking
if it can be implemented in the argus client tools.

I'm just presenting my idea here, cheers.


-- 
Best Regards,

CS Lee<geek00L[at]gmail.com>
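
The awk filter described in the message above (ICMP flows whose application bytes exceed 64, plus a source/destination comparison), as an added example that is not part of the original post or of the argus client tools. The CSV column layout and the function names are assumptions, and the example goes beyond the post by dividing by packet counts, since one flow record can cover several echo packets.

```shell
#!/bin/sh
# Added example: flag ICMP flows by per-packet application bytes.
# Assumed input (hypothetical layout): CSV with columns
#   stime,proto,saddr,daddr,spkts,dpkts,sappbytes,dappbytes
# Output: saddr,daddr,src_per_pkt,dst_per_pkt,reasons

icmp_appbyte_anomalies() {
    # $1 = per-packet appbytes limit (default 64, the Unix echo size in the post)
    awk -F, -v limit="${1:-64}" '
        $5 !~ /^[0-9]+$/ { next }          # skip header or malformed rows
        $2 != "icmp"     { next }          # only ICMP flows
        {
            s = ($5 > 0) ? $7 / $5 : 0     # src appbytes per packet
            d = ($6 > 0) ? $8 / $6 : 0     # dst appbytes per packet
            reason = ""
            if (s > limit || d > limit) reason = "oversize"
            # compare directions only when a reply was actually seen
            if ($5 > 0 && $6 > 0 && s != d) {
                sep = (reason == "") ? "" : "+"
                reason = reason sep "mismatch"
            }
            if (reason != "")
                printf "%s,%s,%.1f,%.1f,%s\n", $3, $4, s, d, reason
        }'
}

# Constructed sample records (not real traffic).
sample_flows() {
    cat <<'EOF'
stime,proto,saddr,daddr,spkts,dpkts,sappbytes,dappbytes
09:00:01,icmp,192.0.2.10,192.0.2.1,4,4,160,160
09:00:02,icmp,192.0.2.11,192.0.2.1,3,3,192,192
09:00:03,icmp,192.0.2.12,192.0.2.1,2,2,2048,2048
09:00:04,icmp,192.0.2.13,192.0.2.1,5,5,320,7000
09:00:05,icmp,192.0.2.14,192.0.2.1,2,0,128,0
09:00:06,tcp,192.0.2.15,192.0.2.1,9,8,5000,90000
EOF
}

sample_flows | icmp_appbyte_anomalies 64
```

Unanswered requests (the 192.0.2.14 row) are not reported as a mismatch, because there is no reply to compare against.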