[argus] How can I get all the TCP SYN requests?

Carter Bullard carter at qosient.com
Fri Sep 3 16:29:01 EDT 2010


Hey Guys,
To get just tcp flows that had the syn:
   ra -ZS xxx - syn

To get tcp flows that had the syn or the synack argus states:

   ra -ZS xxx - syn or synack

To get flows that had tcp flags ack and push:

   ra - ack and push

The "Z" flag by itself just modifies how the "state" field is printed.

Carter

On Sep 3, 2010, at 3:11 PM, Paul Schmehl wrote:

> --On Friday, September 03, 2010 14:44:37 +0800 shallwe19 <shallwe19 at gmail.com> wrote:
> 
>> Sorry to interrupt you, but will anybody tell me how I can get all the TCP
>> SYN requests?
>> It seems that when I run "ra -ZS xxx", I get some UDP requests too.
>> 
>> Can anyone help me?
> 
> ra -Zs xxx
> 
> -- 
> Paul Schmehl, Senior Infosec Analyst
> As if it wasn't already obvious, my opinions
> are my own and not those of my employer.
> *******************************************
> "It is as useless to argue with those who have
> renounced the use of reason as to administer
> medication to the dead." Thomas Jefferson
> 
> 
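The three filters Carter gives are terms of ra's filter language, which follows the main options after a lone `-` and combines terms with `and`, `or` and `not`. The block below is an added example, not argus code or anything from the list: it emulates those terms on a handful of constructed flow records so you can see which flows each expression keeps, and why an unfiltered run also shows UDP flows. The `syn`/`synack`/`ack`/`push` predicates are an approximation (assumed here to mean "a bare SYN was seen", "a SYN+ACK was seen", and so on); argus keys them off the TCP state it recorded for the flow, which is close to but not identical with these per-packet checks. The `half_open` helper is the practical reason to care: `syn and not synack` is the residue a SYN scan leaves.

```python
"""Emulate ra-style TCP state filter terms on constructed flow records.

Added example, not argus code. The predicates approximate argus' `syn`,
`synack`, `ack` and `push` terms; a small recursive-descent parser handles
the `and` / `or` / `not` / parentheses combinations ra's filter accepts.
"""

import re
from dataclasses import dataclass

FIN, SYN, RST, PSH, ACK = 0x01, 0x02, 0x04, 0x08, 0x10


@dataclass(frozen=True)
class Flow:
    proto: str      # "tcp" or "udp"
    src: str
    dst: str
    dport: int
    pkts: tuple     # TCP flag byte of each packet seen (empty for UDP)


def _saw(flow, want, forbid=0):
    """True if some TCP packet of the flow had all bits in `want` and none in `forbid`."""
    return flow.proto == "tcp" and any(
        (p & want) == want and not (p & forbid) for p in flow.pkts)


# Assumed semantics of the argus state terms (approximation, see lead-in).
TERMS = {
    "syn":    lambda f: _saw(f, SYN, forbid=ACK),  # a bare SYN was seen
    "synack": lambda f: _saw(f, SYN | ACK),         # a SYN+ACK was seen
    "ack":    lambda f: _saw(f, ACK),
    "push":   lambda f: _saw(f, PSH),
    "tcp":    lambda f: f.proto == "tcp",
    "udp":    lambda f: f.proto == "udp",
}


class FilterParser:
    """expr := term ('or' term)* ; term := fac ('and' fac)* ;
    fac := 'not' fac | '(' expr ')' | NAME"""

    def __init__(self, text):
        self.toks = re.findall(r"\(|\)|\w+", text.lower())
        self.i = 0

    def _peek(self):
        return self.toks[self.i] if self.i < len(self.toks) else None

    def _next(self):
        if self.i >= len(self.toks):
            raise ValueError("unexpected end of filter expression")
        t = self.toks[self.i]
        self.i += 1
        return t

    def parse(self):
        fn = self._expr()
        if self._peek() is not None:
            raise ValueError(f"trailing tokens: {self.toks[self.i:]}")
        return fn

    def _expr(self):
        parts = [self._term()]
        while self._peek() == "or":
            self._next()
            parts.append(self._term())
        return lambda f: any(p(f) for p in parts)

    def _term(self):
        parts = [self._fac()]
        while self._peek() == "and":
            self._next()
            parts.append(self._fac())
        return lambda f: all(p(f) for p in parts)

    def _fac(self):
        t = self._next()
        if t == "not":
            inner = self._fac()
            return lambda f: not inner(f)
        if t == "(":
            inner = self._expr()
            if self._next() != ")":
                raise ValueError("missing ')'")
            return inner
        if t in TERMS:
            return TERMS[t]
        raise ValueError(f"unknown filter term {t!r}")


def run_filter(flows, expr):
    """Return the flows matching an ra-style filter expression such as 'syn or synack'."""
    pred = FilterParser(expr).parse()
    return [f for f in flows if pred(f)]


def half_open(flows):
    """Flows that saw a SYN but never a SYN+ACK: what a SYN scan leaves behind."""
    return run_filter(flows, "syn and not synack")


# Constructed sample flows, not captured data.
FLOWS = [
    Flow("tcp", "10.0.0.5", "10.0.0.9", 22,  (SYN, SYN | ACK, ACK, PSH | ACK, FIN | ACK)),  # full session
    Flow("tcp", "10.0.0.5", "10.0.0.9", 23,  (SYN,)),                # SYN, no answer
    Flow("tcp", "10.0.0.5", "10.0.0.9", 80,  (SYN, RST | ACK)),      # refused
    Flow("tcp", "10.0.0.7", "10.0.0.9", 443, (ACK, PSH | ACK)),      # mid-stream only
    Flow("udp", "10.0.0.5", "10.0.0.9", 53,  ()),                    # shows up with no filter
]

if __name__ == "__main__":
    for expr in ("syn", "syn or synack", "ack and push", "syn and not synack"):
        print(f"{expr:20s} -> dports {[f.dport for f in run_filter(FLOWS, expr)]}")
```

With the sample flows, `syn` keeps ports 22, 23 and 80 (the UDP flow never matches a TCP state term), `ack and push` keeps 22 and 443, and `half_open` keeps 23 and 80, the two flows an attacker's SYN probe produced without a completed handshake.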
