rauserdata ... switches to use ?
carter at qosient.com
Thu Sep 23 22:25:50 EDT 2010
Hey George,
The std.sig file is from an earlier version of argus, and the switches/flags have changed.
All switches are parsed in a routine in ./common/argus_util.c using getopt(). ArgusParseArgs().
"-d" is now used to daemonize client programs, for those clients that can be daemonized.
Not really much in the way of options.
I'll check the parsing problem when I get back to NYC tomorrow.
Carter
-----Original Message-----
From: George Jones <fooologist at gmail.com>
Sender: argus-info-bounces+carter=qosient.com at lists.andrew.cmu.edu
Date: Wed, 22 Sep 2010 11:26:43
To: <argus-info at lists.andrew.cmu.edu>
Subject: [ARGUS] rauserdata ... switches to use ?
distributed std.sig says:
# Services fingerprint file, generated by:
# rauserdata -d16 -e encode32
with output like
Service: ftp tcp port 21 n = 1043 src =
"32323020 "
The -d16 appears to bomb when I use it.
From a posting in the list, I see something like:
rauserdata -M encode 32
which gives output like
Service: netbios-ns udp port 137 n = 25 src = ".|@.........
FIF" dst = " "
which raservices appears not to like:
$ raservices -f protocol.sig -r foo.ra -s +label -L 0 -
raservices[12511]: 09-22-10 11:19:29 RaCreateSrvEntry: format error
Service: netbios-ns
What is the right set of flags to generate signature files?
Where would one look in the source to determine the unique flags accepted by ra*?
Thanks,
---George