Size of first packet flow issue
Carter Bullard
carter at qosient.com
Wed Jul 3 10:37:35 EDT 2013
No, argus can't do that. Argus is a network audit system, not a packet capture system.
There is no purpose in auditing the first X packets.
So your interested in OS fingerprinting?
Carter
On Jul 3, 2013, at 10:24 AM, Rahimeh Khodadadi <rahimeh.khodadadi at gmail.com> wrote:
> Hi,
> Thanks for your reply.
> But I want capture the 5 first packet of every flow instead of capturing all packets of them.
> For example, if one TCP flow has 48 packet, it capture only 5 frist packet.
> Is it possible in argus??
>
>
> On Wed, Jul 3, 2013 at 6:13 PM, Carter Bullard <carter at qosient.com> wrote:
> Hey Rahimeh,
> No, you can get mean, max, min and stddevnof packet size, but not the first. And we track all the packets.
>
> Carter
>
> On Jul 3, 2013, at 3:40 AM, Rahimeh Khodadadi <rahimeh.khodadadi at gmail.com> wrote:
>
>> Hi,
>>
>> Is there nobody answer me??????
>>
>>
>> On Sat, Jun 29, 2013 at 10:37 AM, Rahimeh Khodadadi <rahimeh.khodadadi at gmail.com> wrote:
>> Hi,
>>
>> I want to capture first packet size of flow, is it possible acquire it in Argus?
>> And I want to capture just 4 packet of flow?
>> Please help me.
>>
>> --
>> With Best Regards
>> Rahimeh Khodadadi
>>
>>
>>
>>
>> --
>> With Best Regards
>> Rahimeh Khodadadi
>>
>
>
>
> --
> With Best Regards
> Rahimeh Khodadadi
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://pairlist1.pair.net/pipermail/argus/attachments/20130703/49f9a22b/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 6837 bytes
Desc: not available
URL: <https://pairlist1.pair.net/pipermail/argus/attachments/20130703/49f9a22b/attachment.bin>
More information about the argus
mailing list