pcr filtering
Carter Bullard
carter at qosient.com
Mon Apr 21 06:42:49 EDT 2014
Hey CS Lee,
Yes, I have a fix in the 24 code, just haven't had a chance to push it up. My fault, should get something up, hopefully today/tonight!!!
Carter
> On Apr 19, 2014, at 10:20 AM, CS Lee <geek00l at gmail.com> wrote:
>
> hi Carter,
>
> I think I encountered the same issue as Jess regarding pcr filtering -
>
> ra -nr test.arg3 -s saddr daddr pcr - 'pcr lt 0.5'
> SrcAddr DstAddr PCRatio
> 192.168.221.1 192.168.221.128 -0.319952
> 192.168.221.1 192.168.221.128 -0.138358
> 192.168.221.1 192.168.221.128 0.814701
> 192.168.221.1 192.168.221.128 0.996873
> 192.168.221.1 192.168.221.128 1.000000
>
> ra -b -nr test.arg3 -s saddr daddr pcr - 'pcr lt 0.5'
> (000) ldb hdr[0]
> (001) and #16
> (002) jeq #0x10 jt 3 jf 6
> (003) ldf hdr[360]
> (004) jge #0.500000 jt 6 jf 5
> (005) ret #150
> (006) ret #0
>
> Non-matching flows also show up in the filter. By the way, I'm using argus client 3.0.7.23 on Ubuntu Linux.
>
>
> --
> Best Regards,
>
> CS Lee<geek00L[at]gmail.com>
>
> http://geek00l.blogspot.com
> http://defcraft.com.my