Portrange Support in Argus?

Carter Bullard carter at qosient.com
Fri Apr 25 12:31:12 EDT 2014


Well, I wouldn’t give up.  We own our own filter compilers, so if you
can articulate the syntax and what you want it to do, we can probably
support it.

Carter

On Apr 25, 2014, at 8:59 AM, Jason <dn1nj4 at gmail.com> wrote:

> Not something more, but I directly map argus filters to tcpdump filters when performing bulk searches. I was mistakenly under the impression that the clients were leveraging BPFs and it just surprised me today when ra didn't support portrange. To be fair, I rarely use portrange.  Basically I guess I just need to translate the differences between the two.
> 
> Thanks again.
> 
> 
> On Fri, Apr 25, 2014 at 11:49 AM, Carter Bullard <carter at qosient.com> wrote:
> Hey Jason,
> If it's in libpcap, then argus gets it for free.  But bpf is only applicable to argus packet processing.
> For the rest of the argus filtering systems, not sure what you would want…we support:
> 
>    ra - port gte x and lte y
> 
> is there something else that port range does ???
> 
> Carter
> 
> On Apr 25, 2014, at 8:45 AM, Jason <dn1nj4 at gmail.com> wrote:
> 
> > Hi Carter,
> >
> > Are there any plans for argus to support the "portrange" bpf keyword?  I could not find anything in the archives referencing it.
> >
> > Thanks!
> > dn1nj4
> 
> 
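
The translation Jason describes, as an added example that is not part of the original thread or of the argus code base: it rewrites numeric tcpdump `portrange` primitives into the `port gte x and lte y` form Carter gives above. The function name, the carried-over `src`/`dst` qualifier and the added parentheses are assumptions and have not been checked against ra's filter compiler.

```python
import re

# tcpdump primitive: [src|dst] portrange LO-HI, numeric ports only.
_PORTRANGE = re.compile(r"\b(?:(src|dst)\s+)?portrange\s+(\d+)\s*-\s*(\d+)\b")
# Protocol-qualified forms (e.g. "tcp portrange 1-1024") are rejected, not guessed at.
_PROTO_QUALIFIED = re.compile(r"\b(?:tcp|udp|sctp)\s+(?:(?:src|dst)\s+)?portrange\b")


def portrange_to_ra(expr: str) -> str:
    """Rewrite tcpdump 'portrange LO-HI' into the ra form quoted in the thread.

    Hypothetical helper: the output syntax follows 'port gte x and lte y'
    from Carter's message; everything else in expr is passed through untouched.
    """
    if _PROTO_QUALIFIED.search(expr):
        raise ValueError("protocol-qualified portrange is not handled")

    def repl(m: re.Match) -> str:
        direction, lo, hi = m.group(1), int(m.group(2)), int(m.group(3))
        if not (0 <= lo <= hi <= 65535):
            raise ValueError(f"invalid port range: {m.group(0)!r}")
        prefix = f"{direction} " if direction else ""
        # Parenthesised so the inserted 'and' cannot rebind against a
        # neighbouring 'or' in the surrounding expression.
        return f"({prefix}port gte {lo} and lte {hi})"

    out = _PORTRANGE.sub(repl, expr)
    if re.search(r"\bportrange\b", out):
        # Anything left over (named ports, malformed range) would fail in ra.
        raise ValueError("unsupported portrange form")
    return out


if __name__ == "__main__":
    # Constructed sample filters, not taken from the thread.
    for f in ("tcp and portrange 8000-8080",
              "src portrange 1-1024 or host 10.0.0.1"):
        print(f"{f!r:45} -> {portrange_to_ra(f)!r}")
```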
