Very basic query... MAC address

[David Edelman via Argus-info]

This should work unless there is some conflict with the argus.conf file. I suggest that you use this command line

 

argus  -X -d -m -i dup:eth0,eth1 -P 561

The –X must be the first parameter.

I expect that you are using something like ra –S localhost:561 –s stime daddr saddr smac to display the output. 

Just a side note, you are not capturing netflow data but network flow data. Netflow is a Cisco protocol that would not have any MAC information. The smac and dmac fields are used to show the source and destination interface numbers for the netflow derived flows.

If none of this works, please post the output of this command

ra –S localhost:561 –N 20 –s +smac +dmac –L0

 

--Dave

 

 

 

From: Argus-info [mailto:argus-info-bounces+dedelman=iname.com at lists.andrew.cmu.edu] On Behalf Of Noman Muneer via Argus-info
Sent: Thursday, May 12, 2016 4:37 PM
To: Argus <argus-info at lists.andrew.cmu.edu>
Subject: Re: [ARGUS] Very basic query... MAC address

 

Hi,

A little information on what I am trying to do.

My organization has Aruba controllers however we do not have the ability to log the traffic. I will be placing a TAP in front of the Aruba controller and running Argus on a box to capture netflow data. I would like to capture the time, dst_ip, src_ip, and MAC address of src device. I have been able to capture all the data except for the MAC address on a test setup. 

The command I am using is as follows:

argus -d -m -i dup:eth0,eth1 -P 561

Am I doing something wrong? Or is my concept out-of-whack, so to speak?

Any feedback/guidance will be most appreciated indeed.

Thank you.

Kind Regards,

Noman Muneer

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://pairlist1.pair.net/pipermail/argus/attachments/20160512/bc7f3482/attachment.html>