flow extraction

CS Lee geek00l at gmail.com
Tue Apr 21 07:38:13 EDT 2009


hi oguz,

That's odd. Do you have tcp in your filter? If it is just port, it may include udp.

On Tue, Apr 21, 2009 at 7:20 PM, Oguz Yarimtepe <comp.ogz at gmail.com> wrote:

> On Tue, 2009-04-21 at 13:36 +0800, CS Lee wrote:
> > hi oguz,
> >
> > Regarding your question about extracting http, ftp, ssh flow, you can
> > do that via a port-based filter,
> >
> > ra -nr argus.out - tcp and port 80 (http)
> > ra -nr argus.out - tcp and port 22 (ssh)
> > ra -nr argus.out - tcp and port 20 or 21 (active ftp)
>
> When I run these commands, I can see udp packages inside the argus flow.
> Is this normal? If so why?
>
>


-- 
Best Regards,

CS Lee<geek00L[at]gmail.com>

http://geek00l.blogspot.com
http://defcraft.net