Filter issue

[George Van Osterom]

Hi Carter,



I’m seeing some discrepancies with how the ra filtering is working… do you
have any ideas as to the root cause, or a possible fix?



You can see here that using ‘host 192.168.10.50’ works fine, it catches the
three packets I’m sending



# ra -S localhost:3333 - host 192.168.10.50



         StartTime      Flgs  Proto            SrcAddr  Sport
Dir            DstAddr  Dport  TotPkts   TotBytes State

   13:28:45.013039  * s         tcp      192.168.10.50           ->
192.168.10.20.tcpmux        2        152   REQ

   13:28:45.013050  *           arp      192.168.10.20          who
192.168.10.50               4        248   INT

   13:28:45.013074  * s         tcp      192.168.10.50           ->
192.168.10.20.2             2        152   REQ

   13:28:45.013082  * s         tcp      192.168.10.50           ->
192.168.10.20.3             2        152   REQ



Now, the same packets being sent, adding a ‘src’ to the filter:



# ra -S localhost:3333 - src host 192.168.10.50



<<No records>>



I’ve tried a few different variations, to include ()s and other logic, but
can’t seem to get any results. Additionally, running the same ‘src host’
bpf with tcpdump appears to work just fine. Any light you could shine on
this would be appreciated, thank you!



-George
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://pairlist1.pair.net/pipermail/argus/attachments/20141130/8f238256/attachment.html>