Argus-info Digest, Vol 42, Issue 18
Carter Bullard
carter at qosient.com
Fri Feb 20 10:55:33 EST 2009
Hey Oguz,
What is up with that URL that you put in your signature?
I'm thinking that that is not a good thing.
Carter
On Feb 20, 2009, at 9:42 AM, Oguz Yarimtepe wrote:
> Hi,
>
>
> On Fri, Feb 20, 2009 at 4:08 AM, CS Lee <geek00l at gmail.com> wrote:
> hi oguz,
>
>
> What do you mean, do you mean retrieve the packets from pcap based
> on certain flows in the argus dump?
>
>
> I have an offline tcpdump record. I am converting it to an argus record
> and analyzing. I can see some flow information line by line when I
> used racluster. Let's say the second flow information is a
> bidirectional one. I want to make some further investigation on the
> second flow record. Let's say I want to investigate some payload
> distribution or calculate the ping-pong exchanges by checking the
> non-empty packages and their payload information. I can do it by
> traversing the packages if I know which packages belong to
> the second flow record or if I somehow export it to a tcpdump file.
>