Argus 3.0 and Fedora 9

Carter Bullard carter at qosient.com
Mon Mar 2 22:47:07 EST 2009


That is odd, as we just pass that string directly to the pcap
filter compiler, and if it compiles, we use it.

If you give argus a "-b" option, you should get the dump of
the pcap compiled filter.  Is there any output with the (ip and not icmp)
filter?

What version of libpcap are you using?

Carter

On Mar 2, 2009, at 7:12 PM, Mike Iglesias wrote:

> Carter Bullard wrote:
>> Hey Mike,
>> I use Fedora all the time.  So what does the INTERFACE line in your
>> argus.conf file look like?  It could be opening the wrong interface?
>
> It looks like it's some kind of change/problem with libpcap(?).  The line to
> start argus on the Fedora 7/argus v2 system looked like this:
>
> /usr/local/argus/sbin/argus -d - \(ip and not icmp \)
>
> This worked on F7, but not F9.  If I change it to
>
> /usr/local/argus/sbin/argus -d - not icmp
>
> it works and generates output, both with argus v2 and argus v3.  Weird...
>
>
> -- 
> Mike Iglesias                          Email:       iglesias at uci.edu
> University of California, Irvine       phone:       949-824-6926
> Network & Academic Computing Services  FAX:         949-824-2270
>
>

Carter Bullard
CEO/President
QoSient, LLC
150 E 57th Street Suite 12D
New York, New York  10022

+1 212 588-9133 Phone
+1 212 588-9134 Fax





