argus -U option
Carter Bullard
carter at qosient.com
Wed Jul 30 18:16:49 EDT 2008
Hey Will,
In each argus record, with the "-U x" option, there are x bytes
of user data for both directions that are captured and stored in
the record.
You print the value using the "-s +suser" option, and radump()
decodes the user data buffer just as tcpdump does, as if it was a
packet.
If you want to remove the user data, use rastrip -m -suser -m -duser,
or ranonymize, which removes the user data buffers.
Carter
On Jul 30, 2008, at 5:57 PM, Will Metcalf wrote:
> Does the -U option actually store user bytes somewhere in the argus
> record, or is it just telling argus to inspect x number of bytes from
> a packet?
>
> Regards,
>
> Will
>
More information about the argus
mailing list