argus client obfuscation

Rafael Barbosa rrbarbosa at gmail.com
Sun Jan 22 13:48:14 EST 2012


I understand that not obfuscating data is the default behavior of most (if
not all) network monitoring tools. But I also think Clauss raised a valid
point: argus already obfuscate the data and changing the default behavior
could cause problems to some people.

In addition, I think adding some .rarc option would be enough to make
everyone happy.

Best regards,
Rafael Barbosa
http://www.ewi.utwente.nl/~barbosarr/



On Fri, Jan 20, 2012 at 6:25 PM, CS Lee <geek00l at gmail.com> wrote:

> hi Rafael,
>
> I think people may confuse about my thought, it is not about "I want the
> raw data" mindset, the internet community who uses libpcap based tools such
> as tcpdump, snort, argus do expect the default behavior of the tools are to
> capture and show the raw data(I think most people do use tcpdump, ngrep and
> the rest before coming into argus), people may be caught in surprise when
> they see it is obfuscated, I for one did see the obfuscation and quite
> confusing before but I was focusing on other side of issues so not really
> look into them.
>
> However with Carter mentioned it will be documented, I don't see it as
> problem, I just voice my opinion over here since we are living in the world
> of open source ;)
>
> Cheers ;]
>
> --
> Best Regards,
>
> CS Lee<geek00L[at]gmail.com>
>
> http://geek00l.blogspot.com
> http://defcraft.net
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://pairlist1.pair.net/pipermail/argus/attachments/20120122/d670378c/attachment.html>


More information about the argus mailing list