flow extraction
carter at qosient.com
carter at qosient.com
Tue Apr 21 09:04:15 EDT 2009
You need to put '()' appropriately :
tcp and port (20 or 21)
I suspect that the UDP traffic are all port 21?
Carter
------Original Message------
From: Oguz Yarimtepe
Sender: argus-info-bounces+carter=qosient.com at lists.andrew.cmu.edu
To: CS Lee
Cc: Argus
ReplyTo: Argus
Subject: Re: [ARGUS] flow extraction
Sent: Apr 21, 2009 7:20 AM
On Tue, 2009-04-21 at 13:36 +0800, CS Lee wrote:
> hi oguz,
>
> Regarding your question about extracting http, ftp, ssh flow, you can
> do that via port base filter,
>
> ra -nr argus.out - tcp and port 80 (http)
> ra -nr argus.out - tcp and port 22 (ssh)
> ra -nr argus.out - tcp and port 20 or 21 (active ftp)
When i run these commands, i can see udp packages inside the argus flow.
Is this normal? If so why?
Sent from my Verizon Wireless BlackBerry
More information about the argus
mailing list