Argus-3.0.8.2 output values

Hasanen Alyasiri via Argus-info argus-info at lists.andrew.cmu.edu
Mon Jan 23 10:08:08 EST 2017


Hi,

Best Wishes...

My issue is that when I check my pcap file using Wireshark, it clearly
indicates that there is a Dport of value 433 in this file, but when I use
argus to read and extract Dport alongside other features, it shows these values:

Dport
telnet
telnet
telnet
51996
50169
27711
0x4f52
0x4f52
https
telnet
49807
7547
36885
0x4f51
0x4f50
telnet
ntp
56685
49343
https

This is my extraction code:

argus -w - -r file.pcap | \ra -nnr - -c ',' -s rank, stime, ltime, dur,
saddr, sport, daddr, dport, proto, stos, dtos, sttl, dttl, pkts, spkts,
dpkts, bytes, sbytes, dbytes, sload, dload, sloss, dloss, rate, dir,
sintpkt, dintpkt, sjit, djit, state, smeansz, dmeansz > file.csv

Or using

argus -r file.pcap -w file.argus

ra -Lo -s rank, stime, ltime, dur, saddr, sport, daddr, dport, proto, stos,
dtos, sttl, dttl, pkts, spkts, dpkts, bytes, sbytes, dbytes, sload, dload,
sloss, dloss, rate, dir, sintpkt, dintpkt, sjit, djit, state, smeansz,
dmeansz -r file.argus -c , > file.csv

I much appreciate your help.

Regards...

Hasanen Alyasiri
Research Student
Department of Computer Science
University of York