Argus SrcID And SrcID filtering
CS Lee
geek00l at gmail.com
Thu Dec 8 03:40:45 EST 2011
hi Carter,
I would like to assign network interface name as srcid for argus, however
in most condition 4 bytes looks enough, if I use freebsd and some of intel
nic, it does have ixgbe as nic name, can it change from 4 bytes to say 8
bytes instead.
By the way filtering by srcid is not working -
argus -mAJZRU 512 -i eth0/\"eth0\" -B 127.0.0.1 -P 561
ra -S URI://127.0.0.1:561 -s srcid saddr sport dir daddr dport - srcid
"eth0"
ra[13898]: 00:42:09.339847 srcid eth0 unknown
ra[13897]: 00:42:09.554215 srcid eth0 filter syntax error
--
Best Regards,
CS Lee<geek00L[at]gmail.com>
http://geek00l.blogspot.com
http://defcraft.net
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://pairlist1.pair.net/pipermail/argus/attachments/20111208/b85ed603/attachment.html>
More information about the argus
mailing list