another 'how do I do this' post!

Stewart Gray Stewart.Gray at safecom.co.nz
Wed Apr 23 23:17:00 EDT 2008


Hey guys, 
 
I'm wanting to show a list of hosts that x.x.x.x has talked to, and on
what ports. On the flipside, I also want to see what hosts have talked
to that same host. I'm on the right track with 'racluster -r file.arg -n
-s saddr daddr proto dport - host x.x.x.x' but this shows duplicate
entries for the same communication. Do I need to use rasort as well to
get it to summarise some of the information?
 
I don't want to see the below communication 4 times, for example; I'd
prefer it to be summarised as one entry.
 
   192.168.0.1       192.168.10.5    tcp 1050
   192.168.0.1       192.168.10.5    tcp 1050
   192.168.0.1       192.168.10.5    tcp 1050
   192.168.0.1       192.168.10.5    tcp 1050
 
I'm looking to lock down a firewall policy for a particular host and
I'd like to know what it currently communicates with.
 
I'll add the command needed to the wiki.
 
Cheers, 
 
Stew
 
 
