linux conntrack as input for argus?
Carter Bullard
carter at qosient.com
Wed Apr 28 12:20:54 EDT 2010
Hey Torbjorn,
I looked at iptables a long time ago as a replacement for libpcap, but it was
less than useful, as it did not provide info on non-IP traffic. But that was a
long time ago.
Seems that you have to poll the kernel to get the data? Does it track sub-second
flows, and retain the information so when you poll, you actually see the connection?
Without that, I see it missing a lot of traffic?
Carter
On Apr 28, 2010, at 11:19 AM, Torbjorn.Wictorin at its.uu.se wrote:
> hello,
>
> is there any work done on using linux connection tracking as input for argus (via nfnetlink etc)?
>
> Torbjörn Wictorin,
> Uppsala university