Argus-info Digest, Vol 42, Issue 18
Oguz Yarimtepe
comp.ogz at gmail.com
Fri Feb 20 09:42:29 EST 2009
Hi,
On Fri, Feb 20, 2009 at 4:08 AM, CS Lee <geek00l at gmail.com> wrote:
> hi oguz,
>
>
> What do you mean, do you mean retrieve the packets from pcap based on
> certain flows in the argus dump?
>
I have an offline tcpdump record. I am converting it to an argus record and
analyzing it. I can see some flow information line by line when I use
racluster. Let's say the second flow information is a bidirectional one. I
want to make some further investigation on the second flow record. Let's say
I want to investigate some payload distribution or calculate the ping-pong
exchanges by checking the non-empty packages and their payload information.
I can do it by traversing the packages if I know which packages belong
to the second flow record, or if I can somehow export it to a tcpdump
file.
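One way to do what the post asks, as an added example that is not from the original message or the argus project: take the 5-tuple of the flow record (assumed already read off the racluster line), build the bidirectional tcpdump filter that writes only that flow to a new pcap, and use the same key to pick the flow's packets out of a decoded trace for a payload-size distribution and a ping-pong count. The sample trace, its addresses and ports are constructed.

```python
# Added example, not code from the argus project or from the post. It assumes the
# 5-tuple of one racluster flow record has already been read off, and works on
# packets decoded into (proto, src, sport, dst, dport, payload_len) tuples.
from collections import Counter

def flow_bpf(proto, saddr, sport, daddr, dport):
    """Bidirectional BPF filter; use as: tcpdump -r in.pcap -w flow.pcap '<filter>'."""
    fwd = f"src host {saddr} and src port {sport} and dst host {daddr} and dst port {dport}"
    rev = f"src host {daddr} and src port {dport} and dst host {saddr} and dst port {sport}"
    return f"{proto} and (({fwd}) or ({rev}))"

def flow_direction(pkt, flow):
    """'fwd', 'rev', or None when the packet does not belong to the flow."""
    proto, saddr, sport, daddr, dport = flow
    if pkt[:5] == (proto, saddr, sport, daddr, dport):
        return "fwd"
    if pkt[:5] == (proto, daddr, dport, saddr, sport):
        return "rev"
    return None

def flow_stats(packets, flow):
    """Payload-size histogram per direction plus the number of ping-pong exchanges
    (direction changes between consecutive non-empty packets) for one flow."""
    hist = {"fwd": Counter(), "rev": Counter()}
    pingpong, last = 0, None
    for pkt in packets:
        d = flow_direction(pkt, flow)
        if d is None or pkt[5] == 0:      # other flows and empty (ACK-only) packets
            continue
        hist[d][pkt[5]] += 1
        if last is not None and d != last:
            pingpong += 1
        last = d
    return {"fwd": dict(hist["fwd"]), "rev": dict(hist["rev"]), "pingpong": pingpong}

# Constructed sample trace (hypothetical addresses), in capture order.
SAMPLE_PACKETS = [
    ("tcp", "10.0.0.5", 40000, "10.0.0.9", 80, 0),     # SYN
    ("tcp", "10.0.0.9", 80, "10.0.0.5", 40000, 0),     # SYN/ACK
    ("tcp", "10.0.0.5", 40000, "10.0.0.9", 80, 120),   # request
    ("tcp", "10.0.0.9", 80, "10.0.0.5", 40000, 1400),  # response, first segment
    ("tcp", "10.0.0.9", 80, "10.0.0.5", 40000, 300),   # response, last segment
    ("tcp", "10.0.0.5", 40000, "10.0.0.9", 80, 90),    # second request
    ("tcp", "10.0.0.7", 51000, "10.0.0.9", 80, 200),   # a different flow
]
FLOW = ("tcp", "10.0.0.5", 40000, "10.0.0.9", 80)      # the "second flow record"

if __name__ == "__main__":
    print(flow_bpf(*FLOW))
    print(flow_stats(SAMPLE_PACKETS, FLOW))
```

The filter string from flow_bpf can be passed straight to tcpdump to export the flow; the packet tuples can come from any decoder that yields the IP/port header fields and payload length.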