Do you know how to read a pcap file continuously?

el draco eldraco at gmail.com
Tue Sep 17 08:12:28 EDT 2013


Hi list.

We need your help.
We have a lot of running pcap captures here that are storing the
packets in pcap files on the disk. These files are continuously
growing and we are using argus to analyze them.
(We cannot change and use only argus; we need the pcaps.)

We want to have argus read these pcap files and generate some output
(or a server port waiting for a client or write the data to files).
But argus should run continuously without stopping, like when it is
reading packets from the network. If new packets are added to the pcap
file, we want argus to find them.

I know that you cannot use -r in argus and at the same time open a
port for listening requests.

Did any of you solve this before? How to continuously analyze a pcap file?

Also we can't run argus each time we need data, because in large files
it can take up to 5 minutes to read one pcap.

thanks a lot
sebas


