Detecting BitTorrent

John Gerth via Argus-info argus-info at lists.andrew.cmu.edu
Tue Nov 10 09:40:26 EST 2015


Remember that a large transfer can take a while to complete and
will comprise more than one argus record if it spans multiple
reporting intervals.  That said, if you use the "-t" and "port" options
as recommended previously, you'll be focused on the right time
interval and will see a series of large transfers involving
the suspect local IP.


-----Original message-----
From: Argus-info [mailto:argus-info-bounces+jesper.skou.jensen=statens-it.dk at lists.andrew.cmu.edu] On behalf of Monah Baki via Argus-info
Sent: 10 November 2015 04:44
To: Harry Hoffman
Cc: Argus
Subject: Re: [ARGUS] Detecting BitTorrent

Hi Harry,

We are running Argus off a span port monitoring our internal core
switches, so we do see our internal IP flows.

Is there a way to just display downloads > 700MB?

Our logs are rotated on a daily basis, so we are looking at a 9GB file.

Thanks
Monah
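The point John makes above, that one transfer is spread over several argus records and so must be summed before a size threshold is applied, can be illustrated with the following script. It is an added example, not code from the thread or from the argus project. It assumes the records have been exported as comma-separated lines of saddr, daddr, dport, sbytes, dbytes (the ra invocation in the comment is an assumed one, built from the "-t" and port filter options mentioned in the thread, and is not taken from argus documentation); a constructed five-record sample is embedded so the script runs offline.

```shell
#!/bin/sh
# Added example (not from the mailing-list thread): sum the bytes of every
# argus record belonging to the same (saddr, daddr, dport) triple and report
# only the triples whose total meets a threshold. In real use the CSV would
# come from something like (assumed invocation, not from the thread):
#   ra -r daily.argus -t <time range> -c , -s saddr daddr dport sbytes dbytes - port 6881
# piped into sum_large_transfers. Here a constructed sample stands in for it.

THRESHOLD=$((700 * 1024 * 1024))   # 700 MB expressed in bytes

# Constructed sample: one transfer from 10.1.2.3 is split across three
# records (three reporting intervals); the other two records are small.
SAMPLE='10.1.2.3,203.0.113.10,6881,123456,400000000
10.1.2.3,203.0.113.10,6881,98765,350000000
10.1.2.3,203.0.113.10,6881,55555,120000000
10.1.2.4,198.51.100.7,443,2048,65536
10.1.2.5,203.0.113.99,6881,1000,5000000'

# sum_large_transfers THRESHOLD < csv
# Prints "saddr daddr dport total" for every triple whose summed
# sbytes+dbytes is at or above THRESHOLD, sorted for stable output.
sum_large_transfers() {
    awk -F, -v thr="$1" '
        {
            key = $1 " " $2 " " $3      # flow identity across records
            total[key] += $4 + $5       # both directions count toward size
        }
        END {
            for (k in total)
                if (total[k] >= thr)
                    printf "%s %d\n", k, total[k]
        }' | sort
}

# Helper used by the checks: number of flows over the threshold in SAMPLE.
count_large_transfers() {
    printf '%s\n' "$SAMPLE" | sum_large_transfers "$THRESHOLD" | wc -l | tr -d ' '
}

# Stand-alone run: only the aggregated 10.1.2.3 transfer crosses 700 MB,
# although no single record of it does.
printf '%s\n' "$SAMPLE" | sum_large_transfers "$THRESHOLD"
```

Note that each of the three 10.1.2.3 records is individually below 700 MB, so filtering on per-record byte counts would miss the transfer entirely; summing per flow over the time window is what makes the threshold meaningful.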
