rapcap: build pcap file from Argus

VALLEY François 212846 francois.valley at cea.fr
Wed Mar 11 06:48:15 EDT 2015


Dear,
Sorry if this message is not technically about Argus development, but I didn't find any Argus-user-specific mailing list.
We made a tool that we called "rapcap", based on the ratemplate in the argus-client package. The goal of this tool is to output Argus data in pcap file format.
Obviously, the resulting pcap file does not correspond to the original network packets as seen by Argus, since much information is summarized and filtered by Argus. However, it can rebuild a good picture of the network flows and also some parts of the data payloads. It can be enough for some uses, such as processing the pcap with IDS detection systems (that was the first reason we made rapcap).
Not all kinds of flows are supported by rapcap, only TCP, UDP, ICMP and ESP.
If you find any interest in this tool, you can get the source at the following URL: http://www-moncube.cea.fr/doku.php/en:rapcap:rapcap
Any feedback or comment will always be welcome!
Best regards,
François
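
The idea described in the message, turning a flow summary back into a packet in a pcap file, sketched as an added example that is not rapcap's code and not part of the original message. It handles one UDP flow as a single Ethernet/IPv4/UDP frame. The flow dictionary layout, its field names, the TTL, the zeroed MAC addresses and the sample values are assumptions constructed for this illustration.

```python
import socket
import struct

def inet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum over 16-bit big-endian words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def udp_frame(flow: dict) -> bytes:
    """Synthesize one Ethernet/IPv4/UDP frame from a flow summary (hypothetical layout)."""
    payload = flow["user_data"]
    src = socket.inet_aton(flow["saddr"])
    dst = socket.inet_aton(flow["daddr"])
    udp_len = 8 + len(payload)
    # UDP checksum 0 means "not computed", which is valid over IPv4.
    udp = struct.pack("!HHHH", flow["sport"], flow["dport"], udp_len, 0) + payload
    # ver/IHL, TOS, total length, id, flags/frag, TTL (assumed 64), proto 17, checksum 0.
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + udp_len, 0, 0, 64, 17, 0, src, dst)
    ip = ip[:10] + struct.pack("!H", inet_checksum(ip)) + ip[12:]
    # This sketch carries no link-layer addresses, so both MACs are zero.
    eth = bytes(6) + bytes(6) + struct.pack("!H", 0x0800)
    return eth + ip + udp

def to_pcap(flows: list) -> bytes:
    """Return a classic little-endian pcap file holding one frame per flow."""
    # Global header: magic, version 2.4, thiszone, sigfigs, snaplen, linktype 1 (Ethernet).
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for flow in flows:
        frame = udp_frame(flow)
        sec, usec = divmod(int(flow["start"] * 1_000_000), 1_000_000)
        # Record header: ts_sec, ts_usec, captured length, original length.
        out += struct.pack("<IIII", sec, usec, len(frame), len(frame)) + frame
    return out

# Constructed sample flow (documentation address ranges, made-up payload).
SAMPLE_FLOWS = [
    {"start": 1426070895.25, "saddr": "192.0.2.10", "daddr": "198.51.100.53",
     "sport": 40000, "dport": 53, "user_data": b"constructed payload bytes"},
]

if __name__ == "__main__":
    with open("rebuilt.pcap", "wb") as fh:
        fh.write(to_pcap(SAMPLE_FLOWS))
```

The packet timestamp comes from the flow start time, so an IDS reading the file sees the flow's endpoints and captured payload but not the original packet count or timing.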
