Radium identify TLS handshakes?

James A. Robinson jim.robinson at gmail.com
Thu Mar 15 20:24:19 EDT 2018


Thank you for the fast and detailed reply.

I think your reply delves deeply into the analysis portion of the exercise,
which is actually a step beyond what I was even thinking about right now.
My immediate concern was not running out of disk space on the radium host
as it gathered flows from 1,000 hosts.

So I think what I'll try and do is apply some basic port/network filtering
similar to what you outlined to initially identify the hosts I'm interested
in, then collect the unfiltered flows on just those hosts to perform the
deeper analysis as you were outlining.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://pairlist1.pair.net/pipermail/argus/attachments/20180316/e5a36080/attachment.html>

More information about the argus mailing list