Extract DNS info from Flow
John Gerth
gerth at graphics.stanford.edu
Sun Jun 30 02:15:32 EDT 2013
Did you turn on user data capture in argus itself? The default is not to capture data.
The directive in /etc/argus.conf is:
ARGUS_CAPTURE_DATA_LEN=nnn
Also, "... -udp ..." needs to be "... - udp ..."
--
John Gerth gerth at graphics.stanford.edu Gates 378 (650) 725-3273
On 6/29/13 9:22 PM, Rahimeh Khodadadi wrote:
> Hi,
>
> When I run such a command it doesn't work.
>
> radump -r /usr/zero.argus -vvv -s suser:128 duser:128 -udp and port domain
>
> s[0]=""
> d[0]=""
> s[0]=""
> d[0]=""
> s[0]=""
> d[0]=""
> s[0]=""
> d[0]=""
>
> Please help :((
>
>
> On Wed, Jun 26, 2013 at 11:52 AM, Rahimeh Khodadadi <rahimeh.khodadadi at gmail.com> wrote:
>
> Thanks a lot,
>
>
> On Wed, Jun 26, 2013 at 8:12 AM, Matt Brown <matthewbrown at gmail.com> wrote:
>
> Also try passivedns: https://github.com/gamelinux/passivedns
>
>
> Good luck,
>
> Matt Brown
>
>
> On Tue, Jun 25, 2013 at 9:11 AM, Rahimeh Khodadadi <rahimeh.khodadadi at gmail.com> wrote:
>
> Hi Carter,
>
> Please help me to know how to extract DNS info and its flags from flow?! With filtering commands I couldn't do it.
> I need urgently,
>
> Thanks in advance,
> Rahimeh
>
> --
> With Best Regards
> Rahimeh Khodadadi
>
> --
> With Best Regards
> Rahimeh Khodadadi
>
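The quoted question asks how to get DNS info and its flags out of a flow, and the reply above covers the capture side (ARGUS_CAPTURE_DATA_LEN in argus.conf, then "- udp and port domain" as the filter); decoding the captured bytes is the remaining step. The following is an added example, not argus code and not from any poster in the thread: it assumes you already hold the raw UDP payload bytes of a DNS message (for instance the suser/duser data radump prints once capture is enabled) and parses the header flags and first question from two constructed sample messages, raising ValueError when the capture is shorter than the message.

```python
import struct

# Constructed sample payloads (not captured traffic): a query for example.com/A,
# and the matching NXDOMAIN response (header only, question echoed back).
QUESTION = "076578616d706c6503636f6d00" "00010001"   # example.com, QTYPE=A, QCLASS=IN
SAMPLE_QUERY = bytes.fromhex("1234" "0100" "0001000000000000" + QUESTION)
SAMPLE_NXDOMAIN = bytes.fromhex("1234" "8183" "0001000000000000" + QUESTION)

RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def parse_flags(flags):
    """Split the 16-bit DNS flags word (RFC 1035 section 4.1.1) into fields."""
    return {"qr": (flags >> 15) & 1, "opcode": (flags >> 11) & 0xF,
            "aa": (flags >> 10) & 1, "tc": (flags >> 9) & 1,
            "rd": (flags >> 8) & 1, "ra": (flags >> 7) & 1,
            "rcode": RCODES.get(flags & 0xF, "RCODE%d" % (flags & 0xF))}

def read_name(payload, offset, depth=0):
    """Decode a label sequence; follows compression pointers a bounded number of times."""
    labels = []
    while True:
        length = payload[offset]
        if length == 0:
            return ".".join(labels), offset + 1
        if length & 0xC0 == 0xC0:                 # compression pointer (11xxxxxx)
            if depth > 4:
                raise ValueError("pointer loop in name")
            ptr = struct.unpack("!H", payload[offset:offset + 2])[0] & 0x3FFF
            tail, _ = read_name(payload, ptr, depth + 1)
            return ".".join(labels + [tail]), offset + 2
        offset += 1
        labels.append(payload[offset:offset + length].decode("ascii", "replace"))
        offset += length

def parse_dns(payload):
    """Return header counts, flags and the first question of a DNS message.
    Raises ValueError when the bytes run out, which is what you see when
    ARGUS_CAPTURE_DATA_LEN is smaller than the DNS payload."""
    try:
        txid, flags, qd, an, ns, ar = struct.unpack("!6H", payload[:12])
        info = {"id": txid, "qdcount": qd, "ancount": an, "nscount": ns,
                "arcount": ar, **parse_flags(flags)}
        if qd:
            name, off = read_name(payload, 12)
            qtype, qclass = struct.unpack("!HH", payload[off:off + 4])
            info.update(qname=name, qtype=qtype, qclass=qclass)
        return info
    except (struct.error, IndexError):
        raise ValueError("truncated DNS payload (%d bytes)" % len(payload))
```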