ragrep newbie question ?

[julien]

Hello,

I have a small problem with ragrep, that I recently begin to use
following this paper
http://www.rawpacket.org/anonymous/papers/Argus-PracticalBotNetDetection.pdf

When I launch the following request:

$ ragrep -z -i -e '(http|https|ftp|get|post|head)' -r $src_log - dst
port 80 or dst port 443 or dst port 8080
(same without filter)

I get nothing. $src_log is an argus file converted from a pcap (with argus)
In Ethereal, there is some http traffic and ragrep doesn't get it. why ?
bad command line, pcap conversion or something else ?

Thanks.
Best regards,

	Julien