ra / racluster - filter on TCP options
Carter Bullard
carter at qosient.com
Fri Jun 7 13:36:01 EDT 2013
Hey Jon,
We definately know what the options are, but I don't have any
filter support right now.
I can add something like:
ra - tcpopt mss
I'll need some grammar suggestions for all the options we track,
which are:
Maxiumum Segment Size
Window Scale
Selective ACK OK
Selective ACK
TCP Echo
TCP Echo Reply
TCP Timestamp
TCP CC
TCP CC New
TCP CC Echo
Source Explicit Congestion Notification
Destination Explicit Congestion Notification
I can put this in pretty quick, once we figure out the syntax.
Carter
On Jun 6, 2013, at 6:14 PM, jdenton <jdenton at itcglobal.com> wrote:
> Hi Carter,
>
> Hope all is well.
> Working with some network gear that changes the TCP options on packets it processes, is it possible to filter
> in the argus-clients based on TCP header options?? i.e. All traffic where TCP option = 26 or 0x1A.
>
> Thanks,
> Jon
>
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 6837 bytes
Desc: not available
URL: <https://pairlist1.pair.net/pipermail/argus/attachments/20130607/1349cc30/attachment.bin>
More information about the argus
mailing list