Size of first packet flow issue

Rahimeh Khodadadi rahimeh.khodadadi at gmail.com
Thu Jul 4 03:30:16 EDT 2013 

Thanks from all,

I want to capture traffic of some malware, so I want detect it in early
stage by some first packets of every flow.


On Thu, Jul 4, 2013 at 4:07 AM, John Gerth <gerth at graphics.stanford.edu>wrote:

> It doesn't sound like Argus will do what you want, but there are many
> network security tools available.  One useful collection is the
> "Security Onion" which you learn about and download from:
>    http://sourceforge.net/projects/security-onion/
>
> /John Gerth
>
> On 7/3/2013 7:51 AM, Rahimeh Khodadadi wrote:
> > I don't have a experince about OS finger printing?
> > Is there any tools? of course I know Wireshark but it gives just packet,
> not flow
> >
> >
> > On Wed, Jul 3, 2013 at 7:07 PM, Carter Bullard <carter at qosient.com<mailto:
> carter at qosient.com>> wrote:
> >
> >     No, argus can't do that.  Argus is a network audit system, not a
> packet capture system.
> >     There is no purpose in auditing the first X packets.
> >
> >     So your interested in OS fingerprinting?
> >     Carter
> >
> >
> >     On Jul 3, 2013, at 10:24 AM, Rahimeh Khodadadi <
> rahimeh.khodadadi at gmail.com <mailto:rahimeh.khodadadi at gmail.com>> wrote:
> >
> >>     Hi,
> >>     Thanks for your reply.
> >>     But I want capture the 5 first packet of every flow instead of
> capturing all packets of them.
> >>     For example, if one TCP flow has 48 packet, it capture only 5 frist
> packet.
> >>     Is it possible in argus??
> >>
> >>
> >>     On Wed, Jul 3, 2013 at 6:13 PM, Carter Bullard <carter at qosient.com<mailto:
> carter at qosient.com>> wrote:
> >>
> >>         Hey Rahimeh,
> >>         No, you can get mean, max, min and stddevnof packet size, but
> not the first.  And we track  all the packets.
> >>
> >>         Carter
> >>
> >>         On Jul 3, 2013, at 3:40 AM, Rahimeh Khodadadi <
> rahimeh.khodadadi at gmail.com <mailto:rahimeh.khodadadi at gmail.com>> wrote:
> >>
> >>>         Hi,
> >>>
> >>>         Is there nobody answer me??????
> >>>
> >>>
> >>>         On Sat, Jun 29, 2013 at 10:37 AM, Rahimeh Khodadadi <
> rahimeh.khodadadi at gmail.com <mailto:rahimeh.khodadadi at gmail.com>> wrote:
> >>>
> >>>             Hi,
> >>>
> >>>             I want to capture first packet size of flow, is it
> possible acquire it  in Argus?
> >>>             And I want to capture just 4 packet of flow?
> >>>             Please help me.
> >>>
> >>>             --
> >>>             With Best Regards
> >>>             Rahimeh Khodadadi
> >>>
> >>>
> >>>
> >>>
> >>>         --
> >>>         With Best Regards
> >>>         Rahimeh Khodadadi
> >>>
> >>
> >>
> >>
> >>     --
> >>     With Best Regards
> >>     Rahimeh Khodadadi
> >>
> >
> >
> >
> >
> > --
> > With Best Regards
> > Rahimeh Khodadadi
> >
>



-- 
With Best Regards
Rahimeh Khodadadi
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://pairlist1.pair.net/pipermail/argus/attachments/20130704/9a827174/attachment.html>

More information about the argus mailing list