Question about Filtering Argus Data
Chungen Li
jiafei427 at gmail.com
Fri Jun 13 05:38:28 EDT 2014
Yeah, it does produce things like that.
$ ra -s +sbytes +dbytes -S 127.0.0.1:3434 - port 80
StartTime Flgs Proto SrcAddr Sport Dir DstAddr Dport TotPkts TotBytes State SrcBytes DstBytes
18:37:32.886331 * tcp 147.46.229.199.49681 -> 173.194.117.218.http 11 2148 FIN 2148 0
18:37:32.886404 * tcp 147.46.241.181.7598 -> 74.125.128.113.http 1 59 CON 59 0
18:37:32.886834 * tcp 147.47.80.205.55850 -> 74.125.10.108.http 389 25413 CON 25413 0
18:37:32.893333 * tcp 163.152.41.9.59471 -> 74.125.128.101.http 4 1237 CON 1237 0
18:37:32.893826 * tcp 210.98.16.45.39169 -> 74.125.10.147.http 87 6065 CON 6065 0
18:37:32.894123 * tcp 210.98.16.45.31087 -> 74.125.10.147.http 44 3580 CON 3580 0
18:37:32.896400 * tcp 155.230.78.80.50347 -> 173.194.126.174.http 2 1046 CON 1046 0
18:37:32.897470 * tcp 223.195.50.90.netas* -> 173.194.127.83.http 2 782 CON 782 0
18:37:32.898568 * tcp 164.125.62.18.55273 -> 173.194.115.216.http 1 59 CON 59 0
18:37:32.898664 * tcp 223.195.50.90.npep-* -> 74.125.128.190.http 12 1680 CON 1680 0
18:37:32.898778 * tcp 147.46.240.95.4288 -> 173.194.126.186.http 2 116 FIN 116 0
18:37:32.902106 * tcp 163.152.161.80.59323 -> 173.194.127.37.http 3 1476 CON 1476 0
18:37:32.902990 * tcp 163.152.161.80.59324 -> 173.194.127.37.http 3 1507 CON 1507 0
18:37:32.906319 * tcp 147.46.217.134.62199 -> 74.125.128.101.http 4 910 CON 910 0
18:37:32.907739 * tcp 147.47.245.81.53017 -> 173.194.117.218.http 2 116 FIN 116 0
18:37:32.908449 * tcp 163.152.132.183.54762 -> 74.125.10.107.http 449 28874 CON 28874 0
18:37:32.909148 * tcp 147.46.94.65.54441 -> 74.125.10.53.http 95 6426 CON 6426 0
18:37:32.916906 * tcp 143.248.134.144.37180 ?> 173.192.82.196.http 1 64 CON 64 0
18:37:32.917458 * tcp 163.152.3.57.43452 -> 173.194.38.89.http 2 116 FIN 116 0
18:37:32.918893 * tcp 114.70.7.202.36018 -> 173.194.117.141.http 2 1376 CON 1376 0
18:37:32.920544 * tcp 143.248.139.6.8884 -> 173.194.127.13.http 5 2120 CON 2120 0
18:37:32.920628 * tcp 163.152.3.57.mil-2* -> 173.194.38.89.http 2 116 FIN 116 0
18:37:32.921315 * tcp 143.248.176.59.bpdbm -> 173.194.127.13.http 1 59 CON 59 0
18:37:32.921444 * tcp 163.152.3.57.17282 -> 173.194.38.89.http 2 116 FIN 116 0
18:37:32.922530 * tcp 147.46.117.157.13795 -> 74.125.10.20.http 1466 98309 CON 98309 0
18:37:32.922752 * tcp 147.46.68.130.62992 -> 74.125.23.121.http 2 1216 CON 1216 0
18:37:32.923536 * tcp 147.47.213.141.50497 -> 74.125.128.136.http 1 59 CON 59 0
18:37:32.924606 * tcp 143.248.252.119.60661 -> 74.125.10.85.http 290 18792 CON 18792 0
18:37:32.925124 * tcp 163.152.163.102.14735 -> 74.125.128.157.http 2 725 CON 725 0
18:37:32.925237 * tcp 168.188.128.169.downt* -> 173.194.126.237.http 1 58 FIN 58 0
18:37:32.925276 * tcp 168.188.128.169.5257 -> 173.194.126.191.http 1 58 FIN 58 0
18:37:32.928290 * tcp 143.248.195.85.50734 -> 173.194.127.26.http 5 1586 CON 1586 0
18:37:32.928999 * tcp 163.152.14.77.60174 -> 203.192.147.140.http 33 2052 CON 2052 0
It's so weird...
On Fri, Jun 13, 2014 at 6:00 PM, Jesper Skou Jensen <jesper.skou.jensen at uni-c.dk> wrote:
> On 13-06-2014 04:11, Chungen Li wrote:
>
> $ ../../argus/argus-clients-3.0.6.2/bin/ra -S 127.0.0.1:3434 - bytes gt 10
>
> But this never returns me any results, and I don't know why.
>
> What about something simple like:
>
> $ ../../argus/argus-clients-3.0.6.2/bin/ra -S 127.0.0.1:3434 - port 80
>
> Does that produce anything at all?
>
> Regards
> Jesper
>
--
Best Regards
Li ChunGen, 李 春根, 리 춘근
Department of Computer Science, POSTECH
PIRL 323, San 31, Hyoja-dong, Nam-gu, Pohang 790-784, Republic of Korea
Mobile : +82-10-7522-5977
Email : jiafei427 at postech.ac.kr <khaqanshati at postech.ac.kr>
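As an added example (not code from this thread or from the argus project), a small Python parser for the ra output layout shown above, which applies the "bytes gt 10" condition client-side and checks that TotBytes equals SrcBytes + DstBytes. It assumes the single-character Flgs column seen in that output; the sample records are copied from it.

```python
# Constructed sample: records copied from the ra output above, with the wrapped
# two-line records re-joined. Columns (the -s +sbytes +dbytes layout):
# StartTime Flgs Proto SrcAddr.Sport Dir DstAddr.Dport TotPkts TotBytes State SrcBytes DstBytes
SAMPLE = """\
StartTime Flgs Proto SrcAddr Sport Dir DstAddr Dport TotPkts TotBytes State SrcBytes DstBytes
18:37:32.886331 * tcp 147.46.229.199.49681 -> 173.194.117.218.http 11 2148 FIN 2148 0
18:37:32.886404 * tcp 147.46.241.181.7598 -> 74.125.128.113.http 1 59 CON 59 0
18:37:32.897470 * tcp 223.195.50.90.netas* -> 173.194.127.83.http 2 782 CON 782 0
18:37:32.916906 * tcp 143.248.134.144.37180 ?> 173.192.82.196.http 1 64 CON 64 0
"""

FIELDS = ("start", "flags", "proto", "saddr", "sport", "dir",
          "daddr", "dport", "pkts", "bytes", "state", "sbytes", "dbytes")
INT_FIELDS = ("pkts", "bytes", "sbytes", "dbytes")

def split_endpoint(token):
    """'147.46.229.199.49681' -> ('147.46.229.199', '49681').
    ra joins address and port with a dot; the port may be a service name
    such as 'http' or a truncated one such as 'netas*'."""
    addr, _, port = token.rpartition(".")
    return addr, port

def parse_ra(text):
    """Parse whitespace-separated ra records into dicts.
    Assumption: the Flgs column is a single token ('*' in the output above);
    the 13-token header line is skipped because it does not split into 11 tokens."""
    flows = []
    for line in text.splitlines():
        tok = line.split()
        if len(tok) != 11:
            continue
        values = (tok[:3] + list(split_endpoint(tok[3])) + [tok[4]]
                  + list(split_endpoint(tok[5])) + tok[6:])
        flow = dict(zip(FIELDS, values))
        for key in INT_FIELDS:
            flow[key] = int(flow[key])
        flows.append(flow)
    return flows

def bytes_gt(flows, n):
    """Client-side equivalent of the ra filter 'bytes gt n': TotBytes strictly above n."""
    return [f for f in flows if f["bytes"] > n]

def consistent(flows):
    """Sanity check: TotBytes equals SrcBytes + DstBytes for every record."""
    return all(f["bytes"] == f["sbytes"] + f["dbytes"] for f in flows)
```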