Extract DNS info from Flow

Rahimeh Khodadadi rahimeh.khodadadi at gmail.com
Sun Jun 30 02:55:11 EDT 2013 

I have a pcap file which have been converted to argus file, and Now I want
to extract DNS data from it.

Please help me what command do I write for this task?


On Sun, Jun 30, 2013 at 10:45 AM, John Gerth <gerth at graphics.stanford.edu>wrote:

> Did you turn on user data capture in argus itself...the default is not to
> capture data.
> The directive in /etc/argus.conf is:
>  ARGUS_CAPTURE_DATA_LEN=nnn
>
> also "... -udp ..." needs to be ".... - udp "
> --
> John Gerth      gerth at graphics.stanford.edu  Gates 378   (650) 725-3273
>
> On 6/29/13 9:22 PM, Rahimeh Khodadadi wrote:
> > Hi,
> >
> > When I run such a command it doesn't work.
> >
> > radump -r /usr/zero.argus -vvv  -s suser:128  duser:128 -udp and port
> domain
> >
> > s[0]=""
> > d[0]=""
> >     s[0]=""
> > d[0]=""
> >     s[0]=""
> > d[0]=""
> >     s[0]=""
> > d[0]=""
> >
> > Please help :((
> >
> >
> > On Wed, Jun 26, 2013 at 11:52 AM, Rahimeh Khodadadi <
> rahimeh.khodadadi at gmail.com <mailto:rahimeh.khodadadi at gmail.com>> wrote:
> >
> >     Thanks alot,
> >
> >
> >     On Wed, Jun 26, 2013 at 8:12 AM, Matt Brown <matthewbrown at gmail.com<mailto:
> matthewbrown at gmail.com>> wrote:
> >
> >         Also try passivedns: https://github.com/gamelinux/passivedns
> >
> >
> >         Good luck,
> >
> >         Matt Brown
> >
> >
> >         On Tue, Jun 25, 2013 at 9:11 AM, Rahimeh Khodadadi <
> rahimeh.khodadadi at gmail.com <mailto:rahimeh.khodadadi at gmail.com>> wrote:
> >
> >             Hi Carter,
> >
> >             Please help me to know how to extract DNS info and its flags
> from flow?! with filtering commands I couldn't do it.
> >             I need urgently,
> >
> >             Thanks in advance,
> >             Rahimeh
> >
> >
> >
> >
> >
> >     --
> >     With Best Regards
> >     Rahimeh Khodadadi
> >
> >
> >
> >
> > --
> > With Best Regards
> > Rahimeh Khodadadi
> >
>



-- 
With Best Regards
Rahimeh Khodadadi
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://pairlist1.pair.net/pipermail/argus/attachments/20130630/bef3e076/attachment.html>

More information about the argus mailing list