ra appbytes
Carter Bullard
carter at qosient.com
Sun May 6 10:47:13 EDT 2007
Hey CS Lee,
Done. It will be in the release code, and on the server in a day or so.
Carter
On May 4, 2007, at 9:08 AM, CS Lee wrote:
> Carter,
>
> I know Argus is in a code freeze state, but I would like to see
> this in the Argus client tools. I have recently been doing something on
> anomalous ICMP flows. For example, the ICMP echo flow appbytes for
> Windows is 40 bytes and for Unix-based systems is 64 bytes, hence I'm
> trying to look for all the ICMP flows with appbytes greater than 64 bytes
> (for both src and dst). However, I can only parse src bytes gte certain
> bytes but am unable to do it using appbytes (this is more accurate in
> case IP options are introduced).
>
> I'm currently using awk for this purpose, even to compare the values
> between two fields (src appbytes and dst appbytes (a normal ICMP echo
> flow should have the same length for both request and reply)) and so
> forth. So I'm just asking if it can be implemented in the Argus
> client tools.
>
> I'm just presenting my idea here, cheers.
>
>
> --
> Best Regards,
>
> CS Lee<geek00L[at]gmail.com>
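The awk-side check described in the request above, as an added example that is not part of the original thread or the Argus code: it flags ICMP flows whose application bytes exceed a threshold or differ between request and reply. The comma-separated column layout, the function names `flag_icmp_flows` and `sample_flows`, the sample records, and the per-packet normalisation (dividing a flow's appbytes by its packet count) are assumptions made for illustration.

```shell
#!/bin/sh
# Assumed input, one flow per line (constructed layout, not literal ra output):
#   saddr,daddr,proto,spkts,dpkts,sappbytes,dappbytes

flag_icmp_flows() {
    # $1 = per-packet application-byte threshold (default 64, from the message)
    awk -F, -v max="${1:-64}" '
    $3 != "icmp" { next }                 # only ICMP flows are of interest
    {
        # A flow record sums bytes over all packets, so normalise per packet.
        s = ($4 > 0) ? $6 / $4 : 0
        d = ($5 > 0) ? $7 / $5 : 0
        reason = ""
        if (s > max || d > max) reason = "oversize"
        # A request/reply mismatch is only meaningful when a reply was seen.
        if ($5 > 0 && s != d)
            reason = (reason == "") ? "mismatch" : (reason "+mismatch")
        if (reason != "")
            printf "%s,%s,%s,%s,%s\n", $1, $2, s, d, reason
    }'
}

# Constructed sample flows (not real traffic).
sample_flows() {
    cat <<'EOF'
10.0.0.5,10.0.0.9,icmp,4,4,160,160
10.0.0.6,10.0.0.9,icmp,3,3,192,192
10.0.0.7,10.0.0.9,icmp,2,2,2048,2048
10.0.0.8,10.0.0.9,icmp,5,5,320,200
10.0.0.8,10.0.0.9,tcp,10,9,5000,7000
10.0.0.4,10.0.0.9,icmp,2,0,80,0
EOF
}

# Output columns: saddr,daddr,src bytes/pkt,dst bytes/pkt,reason
sample_flows | flag_icmp_flows 64
```

Unanswered echo requests (no destination packets) are still checked for size but not for mismatch, since there is no reply to compare against.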