flow extraction
Oguz Yarimtepe
comp.ogz at gmail.com
Tue Apr 21 07:20:54 EDT 2009
On Tue, 2009-04-21 at 13:36 +0800, CS Lee wrote:
> hi oguz,
>
> Regarding your question about extracting http, ftp, ssh flow, you can
> do that via port base filter,
>
> ra -nr argus.out - tcp and port 80 (http)
> ra -nr argus.out - tcp and port 22 (ssh)
> ra -nr argus.out - tcp and port 20 or 21 (active ftp)
When i run these commands, i can see udp packages inside the argus flow.
Is this normal? If so why?
More information about the argus
mailing list