Portrange Support in Argus?
Jason
dn1nj4 at gmail.com
Fri Apr 25 11:59:35 EDT 2014
Not something more, but I directly map argus filters to tcpdump filters
when performing bulk searches. I was mistakenly under the impression that
the clients were leveraging BPFs and it just surprised me today when ra
didn't support portrange. To be fair, I rarely use portrange. Basically I
guess I just need to translate the differences between the two.
Thanks again.
On Fri, Apr 25, 2014 at 11:49 AM, Carter Bullard <carter at qosient.com> wrote:
> Hey Jason,
> If its in libpcap, then argus gets it for free. But bpf is only
> applicable to argus packet processing.
> For the rest of the argus filtering systems, not sure what you would
> want…we support:
>
> ra - port gte x and lte y
>
> is there something else that port range does ???
>
> Carter
>
> On Apr 25, 2014, at 8:45 AM, Jason <dn1nj4 at gmail.com> wrote:
>
> > Hi Carter,
> >
> > Are there any plans for argus to support the "portrange" bpf keyword? I
> could not find anything in the archives referencing it.
> >
> > Thanks!
> > dn1nj4
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://pairlist1.pair.net/pipermail/argus/attachments/20140425/b39e09a5/attachment.html>
More information about the argus
mailing list