Fwd: BPF filter in Argus 2.0.5

Kjell Tore Fossbakk kjelltore at gmail.com
Fri Apr 25 05:03:42 EDT 2008


Sent to the wrong address.

---------- Forwarded message ----------
From: Kjell Tore Fossbakk <kjelltore at gmail.com>
Date: Fri, Apr 25, 2008 at 10:33 AM
Subject: Fwd: BPF filter in Argus 2.0.5
To: carter at qosient.com


Hello again.

As of now I'm using tcpdump to write to a fifo filepointer, and using argus
with option -r to read from that fifo. Then I am able to filter out port 80
and port 443, but surely there is a better way of doing this?

Cheers,
Kjell Tore Fossbakk


---------- Forwarded message ----------
From: Kjell Tore Fossbakk <kjelltore at gmail.com>
Date: Fri, Apr 25, 2008 at 9:49 AM
Subject: BPF filter in Argus 2.0.5
To: carter at qosient.com


Hello Mr Carter.

I'm running Argus Version 2.0.5, and I'm trying to exclude port 80 and port
443 from my Argus sessions due to the massive amounts of sessions they
generate.

I start argus by running:

argus -i <interface> -w output -c -d ip and !(port 80 or port 443)
argus -i <interface> -w output -c -d ip and not port 80 and not port 443
argus -i <interface> -w output -c -d - ip and !(port 80 or port 443)
argus -i <interface> -w output -c -d - ip and not port 80 and not port 443

Neither of the commands above excludes port 80 and/or port 443 from my
output file.

Do you have any idea why this does not work?

Cheers,
Kjell Tore Fossbakk