Fwd: BPF filter in Argus 2.0.5
Pablo J. Rebollo-Sosa
Pablo.Rebollo at ece.uprm.edu
Fri Apr 25 06:17:51 EDT 2008
Kjell,
You can try "not port \( 443 or 80 \)". You can't use "and" because
both conditions need to be true.
Regards,
Pablo J. Rebollo
Kjell Tore Fossbakk wrote:
> Sent to the wrong address.
>
> ---------- Forwarded message ----------
> From: Kjell Tore Fossbakk <kjelltore at gmail.com>
> Date: Fri, Apr 25, 2008 at 10:33 AM
> Subject: Fwd: BPF filter in Argus 2.0.5
> To: carter at qosient.com
>
>
> Hello again.
>
> As of now I'm using tcpdump to write to a fifo filepointer, and using
> argus with option -r to read from that fifo. Then I am able to filter
> out port 80 and port 443, but surely there is a better way of doing this?
>
> Cheers,
> Kjell Tore Fossbakk
>
>
> ---------- Forwarded message ----------
> From: Kjell Tore Fossbakk <kjelltore at gmail.com>
> Date: Fri, Apr 25, 2008 at 9:49 AM
> Subject: BPF filter in Argus 2.0.5
> To: carter at qosient.com
>
>
> Hello Mr Carter.
>
> I'm running Argus Version 2.0.5, and I'm trying to exclude port 80 and
> port 443 from my Argus sessions due to the massive amounts of sessions
> they generate.
>
> I start argus by running:
>
> argus -i <interface> -w output -c -d ip and !(port 80 or port 443)
> argus -i <interface> -w output -c -d ip and not port 80 and not port 443
> argus -i <interface> -w output -c -d - ip and !(port 80 or port 443)
> argus -i <interface> -w output -c -d - ip and not port 80 and not port 443
>
> Neither of the commands above excludes port 80 and/or port 443 from my
> output file.
>
> Do you have any idea why this does not work?
>
> Cheers,
> Kjell Tore Fossbakk