Size of first packet flow issue
Jesse Bowling
jessebowling at gmail.com
Wed Jul 3 09:37:34 EDT 2013
Perhaps you're not using enough punctuation.... ;)
>From argus.conf:
# Argus can be configured to capture a number of user data
# bytes from the packet stream.
#
# The default value is to not generate this data.
#
# Commandline equivalent -U
#
ARGUS_CAPTURE_DATA_LEN=1480
That should do it. Note that this measurement is bytes, not packets. So if
you have 1480 bytes in the first packet, you'll only get the first packet.
If you have 1480 bytes in the first 10 packets, you'll have 10 packets
worth. There is no option (that I'm aware of) to capture based on number of
packets.
Please consider the following sites for additional information:
http://www.qosient.com/argus
(this one has some outdated info in it, but can give you some examples that
you can then research at the above site)
http://nsmwiki.org/Argus
Cheers,
Jesse
On Wed, Jul 3, 2013 at 3:40 AM, Rahimeh Khodadadi <
rahimeh.khodadadi at gmail.com> wrote:
> Hi,
>
> Is there nobody answer me??????
>
>
> On Sat, Jun 29, 2013 at 10:37 AM, Rahimeh Khodadadi <
> rahimeh.khodadadi at gmail.com> wrote:
>
>> Hi,
>>
>> I want to capture first packet size of flow, is it possible acquire it
>> in Argus?
>> And I want to capture just 4 packet of flow?
>> Please help me.
>>
>> --
>> With Best Regards
>> Rahimeh Khodadadi
>>
>>
>
>
> --
> With Best Regards
> Rahimeh Khodadadi
>
>
--
Jesse Bowling
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://pairlist1.pair.net/pipermail/argus/attachments/20130703/38db4901/attachment.html>
More information about the argus
mailing list