Filter issue

[George Van Osterom]

I'm using both argus and argus-client 3.08 on an Ubuntu14.04 x64 machine.

On Sun, Nov 30, 2014 at 1:46 PM, George Van Osterom <
george at effluxsystems.com> wrote:

> Hi Carter,
>
>
>
> I’m seeing some discrepancies with how the ra filtering is working… do you
> have any ideas as to the root cause, or a possible fix?
>
>
>
> You can see here that using ‘host 192.168.10.50’ works fine, it catches
> the three packets I’m sending
>
>
>
> # ra -S localhost:3333 - host 192.168.10.50
>
>
>
>          StartTime      Flgs  Proto            SrcAddr  Sport
> Dir            DstAddr  Dport  TotPkts   TotBytes State
>
>    13:28:45.013039  * s         tcp      192.168.10.50           ->
> 192.168.10.20.tcpmux        2        152   REQ
>
>    13:28:45.013050  *           arp      192.168.10.20          who
> 192.168.10.50               4        248   INT
>
>    13:28:45.013074  * s         tcp      192.168.10.50           ->
> 192.168.10.20.2             2        152   REQ
>
>    13:28:45.013082  * s         tcp      192.168.10.50           ->
> 192.168.10.20.3             2        152   REQ
>
>
>
> Now, the same packets being sent, adding a ‘src’ to the filter:
>
>
>
> # ra -S localhost:3333 - src host 192.168.10.50
>
>
>
> <<No records>>
>
>
>
> I’ve tried a few different variations, to include ()s and other logic, but
> can’t seem to get any results. Additionally, running the same ‘src host’
> bpf with tcpdump appears to work just fine. Any light you could shine on
> this would be appreciated, thank you!
>
>
>
> -George
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://pairlist1.pair.net/pipermail/argus/attachments/20141130/e62c016f/attachment.html>