Questions about payload buffers in argus

Digital Ninja dn1nj4 at gmail.com
Thu Mar 31 13:00:23 EDT 2011


Hi list,

When leveraging the argus -U option to capture user buffers, what is
the maximum amount of data that can be captured?  Is there a way to
store all payload information?

Second, when reading the user buffers back in, with ra -s +suser:XXXX,
has anyone experienced a segfault?  If I set XXXX to 4334 I get all of
the expected user buffers.  If however, I up that number to 4335 or
higher, I get a seg fault.  Ideally I'd like to see the entire buffer,
regardless of length.

Finally, are the user buffers printed out in binary format or are they
converted to straight ASCII (where all non-printable ASCII characters
are simply ".")?  If the latter, how can one get the actual hex values
from the buffers?

I am currently testing with v3.0.4.

Thanks in advance.



More information about the argus mailing list