argus user data buffer analysis

Carter Bullard carter at qosient.com
Thu Feb 12 12:33:41 EST 2009


Hey Oguz,
Well I am very interested in supporting this, and I'd like to keep
as much of the dialog on the mailing list as we can.

If we can go through each metric, one at a time, with some
priority, I can write up a detailed email as to what is in argus to
support that specific metric, and what clients are needed to
process/generate a report, or the specific value.

Using that as a starting point, then we can identify what additional
work is needed, and what an operational tool for that metric
would look like.

I am primarily interested in near real-time classification, and
alert/alarms, so if we are contributing to that, then I will be
interested.

Carter

On Feb 10, 2009, at 2:55 PM, Oguz Yarimtepe wrote:

> On Mon, 2009-02-09 at 14:29 -0500, Carter Bullard wrote:
>>
>> How would you guys like to proceed in this area?  Do you want to build
>> some specific examples of classification?
>
> We were planning to implement the application level recognizers by using
> the metrics defined at the paper. We will be needing the flow attributes
> to calculate these metrics. I was planning to use argus to get the
> metrics and scapy (:) Python module) where necessary. So the total work
> is aimed to collect the separated work at the paper to bring a new
> application that will help to characterize recorded traffic.
> There may be cases that we will need to define a new protocol metric
> values that is not mentioned at the paper. I think it is what you mean
> by "Do you want to build  some specific examples of classification?" Can
> you open this a little.
>>
>> Hope all is well, and I look forward to working with you and others on
>> this very interesting topic!!!
>
>
> Our current problem is to test the results of our work and the flow
> record real values. So it can be good to use rauserdata and raservices
> for this issue, as a reliable point.
>
> Also we are not sure how to produce clean records for application level
> protocols. We may create them manually or with a tool.
>>
> We will be happy if we can help you in some way. You better show some
> alternatives/examples that we can help each other.
>
>> Carter
>
> Regards,
>
> Oğuz
>
>
>

Carter Bullard
CEO/President
QoSient, LLC
150 E 57th Street Suite 12D
New York, New York  10022

+1 212 588-9133 Phone
+1 212 588-9134 Fax





