pcr filtering
CS Lee
geek00l at gmail.com
Sat Apr 19 10:20:26 EDT 2014
Hi Carter,

I think I encountered the same issue as Jess regarding pcr filtering:
ra -nr test.arg3 -s saddr daddr pcr - 'pcr lt 0.5'
SrcAddr DstAddr PCRatio
192.168.221.1 192.168.221.128 -0.319952
192.168.221.1 192.168.221.128 -0.138358
192.168.221.1 192.168.221.128 0.814701
192.168.221.1 192.168.221.128 0.996873
192.168.221.1 192.168.221.128 1.000000
ra -b -nr test.arg3 -s saddr daddr pcr - 'pcr lt 0.5'
(000) ldb hdr[0]
(001) and #16
(002) jeq #0x10 jt 3 jf 6
(003) ldf hdr[360]
(004) jge #0.500000 jt 6 jf 5
(005) ret #150
(006) ret #0
Non-matching flow also shows up in the filter. By the way, I'm using argus
client 3.0.7.23 on Ubuntu Linux.
--
Best Regards,
CS Lee<geek00L[at]gmail.com>
http://geek00l.blogspot.com
http://defcraft.com.my
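
Added example, not part of the original post and not Argus code: a small interpreter for the filter listing printed by `ra -b`, evaluated over the five PCRatio values shown in the message. It assumes BPF-style instruction semantics, that a non-zero `ret` accepts the record, and that `hdr[360]` holds the printed PCRatio; the record dictionary is a constructed stand-in for a real Argus record.

```python
import re

# Filter listing copied from the `ra -b` output in the message
LISTING = """\
(000) ldb hdr[0]
(001) and #16
(002) jeq #0x10 jt 3 jf 6
(003) ldf hdr[360]
(004) jge #0.500000 jt 6 jf 5
(005) ret #150
(006) ret #0
"""

# PCRatio column copied from the ra output in the message
PCR_VALUES = [-0.319952, -0.138358, 0.814701, 0.996873, 1.000000]

def parse(listing):
    """Turn each listing line into (op, arg, jump_true, jump_false)."""
    prog = []
    for line in listing.splitlines():
        m = re.match(r"\(\d+\)\s+(\w+)\s+(\S+)(?:\s+jt\s+(\d+)\s+jf\s+(\d+))?", line)
        op, arg, jt, jf = m.groups()
        prog.append((op, arg, int(jt) if jt else None, int(jf) if jf else None))
    return prog

def imm(arg):
    """Decode an immediate such as #16, #0x10 or #0.500000."""
    text = arg.lstrip("#")
    return float(text) if "." in text else int(text, 0)

def run(prog, hdr):
    """Execute the program; hdr maps offset -> value (constructed record)."""
    acc, pc = 0, 0
    while True:
        op, arg, jt, jf = prog[pc]
        if op in ("ldb", "ldf"):          # load byte / float at hdr[offset]
            acc = hdr[int(arg[4:-1])]
        elif op == "and":
            acc &= imm(arg)
        elif op in ("jeq", "jge"):        # conditional jump (assumed semantics)
            taken = acc == imm(arg) if op == "jeq" else acc >= imm(arg)
            pc = jt if taken else jf
            continue
        elif op == "ret":                 # assumed: non-zero return accepts
            return imm(arg) != 0
        pc += 1

def expected_matches(values):
    """Values the listing accepts if hdr[0] has bit 0x10 set (assumption)."""
    prog = parse(LISTING)
    return [v for v in values if run(prog, {0: 0x10, 360: v})]
```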