ArgusEncode32() accepts little endian?
Matt Brown
matthewbrown at gmail.com
Mon Jul 15 13:15:28 EDT 2013
Carter,
Hope all is well. Last Thursday I started to look into reversing the
nDPI classes and creating an raservices() conf file from the byte
pattern classification definitions therein.
I struggled to understand the c notation, etc, but have arrived on the
question of whether or not ArgusEncode32() takes a little endian data
value as input and "outputs" this data expressed as a string made up
of its value in hex.
For instance, if I take a value from afp.c (within nDPI) and see
htons(0x0004), I can assume that when converted with ArgusEncode32(),
the "output" will be "00000004".
Out of this, I can then generate the "src=" or "dst=" portions of a
line for an raservices() conf file.
Is this correct?
Additionally, as for the syntax of the raservices() conf file, what
does the "n=" value mean?
Thanks,
Matt
More information about the argus
mailing list