flow extraction
CS Lee
geek00l at gmail.com
Tue Apr 21 01:36:55 EDT 2009
Hi Oguz,
Regarding your question about extracting http, ftp and ssh flows, you can do
that via a port-based filter:
ra -nr argus.out - tcp and port 80                      (http)
ra -nr argus.out - tcp and port 22                      (ssh)
ra -nr argus.out - 'tcp and (port 20 or port 21)'       (active ftp)
For passive ftp it is rather complicated; I have successfully extracted
passive ftp with the user data captured, described here:
http://geek00l.blogspot.com/2007/04/argus-passive-ftp-data-channel.html
Then you can use -w to write them to another argus file, e.g.
argus-http.out, argus-ssh.out, etc.
I'm not too sure if I answered your question correctly, but that's how I would
extract them, unless you are running certain services on different ports.
Cheers ;]
--
Best Regards,
CS Lee<geek00L[at]gmail.com>
http://geek00l.blogspot.com
http://defcraft.net
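The port-based split described in the reply above, written out as an added example (this is not code from the original post or from the argus project). It assumes argus-clients' ra is on PATH and that argus.out exists in the current directory; the service-to-port mapping is constructed for the example. The ftp filter is parenthesised and quoted as a single argument: in ra's filter grammar, as in tcpdump's, "and" binds tighter than "or", so an unquoted "tcp and port 20 or 21" would match every port-21 flow regardless of protocol and, without quotes, the shell would try to interpret the parentheses.

```shell
#!/bin/sh
# Added example: split one argus archive into per-service flow files with
# ra, using port-based filters. Assumes ra (argus-clients) is installed;
# the service list below is constructed for this example.

# Return the ra filter expression for a named service.
# Note the parentheses in the ftp filter: "tcp and port 20 or 21" parses
# as "(tcp and port 20) or port 21" because "and" binds tighter than "or".
service_filter() {
    case "$1" in
        http) echo "tcp and port 80" ;;
        ssh)  echo "tcp and port 22" ;;
        ftp)  echo "tcp and (port 20 or port 21)" ;;
        *)    echo "unknown service: $1" >&2; return 1 ;;
    esac
}

# Build the ra command line as one string (for logging or a dry run).
# The lone "-" ends ra's option list; everything after it is the filter.
ra_command() {
    in="$1"; svc="$2"
    filter=$(service_filter "$svc") || return 1
    printf 'ra -nr %s -w argus-%s.out - %s\n' "$in" "$svc" "$filter"
}

# Extract each requested service into its own argus file, e.g.
# argus-http.out, argus-ssh.out, argus-ftp.out. Falls back to a dry run
# when ra is not installed so the script can be read and tested anywhere.
extract_flows() {
    in="$1"; shift
    if ! command -v ra >/dev/null 2>&1; then
        echo "ra not found; printing commands only" >&2
    fi
    for svc in "$@"; do
        filter=$(service_filter "$svc") || continue
        ra_command "$in" "$svc"
        if command -v ra >/dev/null 2>&1; then
            # Quote the filter as one argument so the shell leaves the
            # parentheses alone; ra joins everything after "-" itself.
            ra -nr "$in" -w "argus-$svc.out" - "$filter"
        fi
    done
}

# Usage: sh split_flows.sh argus.out
if [ -n "${1:-}" ]; then
    extract_flows "$1" http ssh ftp
fi
```

Running it on a real capture produces one file per service, each of which can be re-read with ra -nr argus-http.out and so on; services running on non-standard ports need their own entry in service_filter, as the reply notes.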