Using Argus 3.0 ra to show packet details inside GRE
Richard Bejtlich
taosecurity at gmail.com
Tue Apr 15 11:36:42 EDT 2008

Hello everyone,

I am using Argus 3.0 with RC70 clients (yes, plan to update soon) on a
link that sees basically nothing but GRE traffic. I noticed Tcpdump
can decode GRE on the wire -- it shows the GRE IP headers and then the
encapsulated IP traffic within. (I haven't figured out how to use BPF
syntax on this GRE traffic to, say, show dest port 445 traffic,
however.)

Is there a way for Argus 3.0 to decode GRE? I can see the GRE IP
headers using ra but I'd rather see the encapsulated IP traffic.

I feel like I am missing something.

Thank you,

Richard