[ARGUS] Issues converting PCAPNG to Argus: New Argus file contains no data

Dave dedelman at iname.com
Mon Oct 19 12:56:16 EDT 2020


It sometimes helps to make sure that the contents of a configuration file are not getting in the way. This is the command line that I use to slurp cap files; YMMV.

  argus -X -A -Z -m -R -J -U 2048 -r some.pcap -w some.output

—Dave

> On Oct 19, 2020, at 9:19 AM, Carter Bullard <carter at qosient.com> wrote:
> 
> Hey David,
> It is clear that argus isn’t working, as the absolute minimum argus output file size must be at least 128 bytes.
> Where did your argus come from, what version, did you download it, compile it ??
> 
> Let's get a known copy of argus and try to work with that … The latest version is argus-3.0.8.2.  You can go to the openargus.org <http://openargus.org/> website, and use the hamburger icon -> ‘getting argus’ to download argus and the set of argus-clients.
> 
>    http://qosient.com/argus/src/argus-3.0.8.2.tar.gz
>    http://qosient.com/argus/src/argus-client-3.0.8.2.tar.gz
> 
> Build these and if you have any problems, keep sending email ...
> Carter
> Carter Bullard <carter at qosient.com> • Founder / CEO
> 250 E 53rd Street, Suite 501
> New York, New York 10022-5247
> Phone +1.212.588.9133 • Mobile +1.917.497.9494
> 
>  
> 
>> On Oct 19, 2020, at 3:52 AM, David BALGOWAN <dbalgowa at our.ecu.edu.au> wrote:
>> 
>> Good Afternoon
>> 
>> I am a member of a University group from Edith Cowan University in Western Australia
>> 
>> We are currently undertaking a major project to find vulnerabilities in an IoMT device to build a dataset of successful attacks that can be used by manufacturers of medical devices to test their devices for common vulnerabilities prior to release.
>> 
>> We have performed multiple attacks and captured all the attack data within a pcapng file using Wireshark. The file is around 1.6G with over 7 million lines. Our professor requires us to perform analysis on the file and has recommended that we use Argus. However, we are having technical issues with Argus. We are using Linux Debian Parrot.
>> 
>> When we convert the pcap file to argus using the command "argus -r merged.pcapng -w arus", a new file named argus is created; however, its total size is 4 bytes, and without performing any analysis on it, if we simply try to read it using ra -r packet.argus, the terminal pauses briefly, the cursor moves down a line and the terminal prompt is shown again, seeming to indicate the argus file to be empty. I have attached screenshots of converting the file, attempting to read the argus file and a screenshot of the file size.
>> 
>> Is there a size limit or line limit in Argus that is preventing Argus from being able to successfully convert the file to argus format?
>> 
>> Apologies for sending this to both emails; however, our assignment is due next week. I have been performing extensive research and am unable to determine what the issue is, and this final analysis is all that is left of the project.
>> 
>> <image.png>
>> 
>> <image.png>
>> 
>> Kind Regards
>> David Balgowan
>> Student
>> Edith Cowan University
>> 
> 
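
A triage sketch for the symptom discussed in this thread, added as an example and not taken from the thread or from the Argus project: it identifies the capture file's format from its first four bytes and checks the converted file against the 128-byte minimum Carter mentions. The function names are hypothetical; the magic numbers are the standard pcap and pcapng file signatures.

```shell
#!/bin/sh
# Added example: helpers for triaging an "empty" argus output file.
ARGUS_MIN_BYTES=128   # minimum argus output size, as stated in the thread

# Print the capture format identified from the first four bytes of a file.
capture_format() {
    magic=$(od -An -tx1 -N4 "$1" | tr -d ' \n')
    case "$magic" in
        0a0d0d0a)          echo pcapng ;;     # pcapng Section Header Block type
        d4c3b2a1|a1b2c3d4) echo pcap ;;       # classic pcap, microsecond stamps
        4d3cb2a1|a1b23c4d) echo pcap-nsec ;;  # classic pcap, nanosecond stamps
        *)                 echo unknown ;;
    esac
}

# Succeed only if the file exists and meets the minimum argus output size.
argus_output_ok() {
    [ -f "$1" ] || return 1
    size=$(wc -c < "$1")
    [ "$((size))" -ge "$ARGUS_MIN_BYTES" ]
}

# Report on an input capture and the argus output written from it.
triage() {
    cap=$1
    out=$2
    echo "input format: $(capture_format "$cap")"
    if argus_output_ok "$out"; then
        echo "output: $out meets the ${ARGUS_MIN_BYTES}-byte minimum"
    else
        echo "output: $out is below ${ARGUS_MIN_BYTES} bytes; no usable records"
        return 1
    fi
}

# Usage: sh triage.sh capture-file argus-output-file
if [ "$#" -eq 2 ]; then
    triage "$1" "$2"
fi
```

A file that fails the size check, like the 4-byte output reported above, points at argus itself (build, version or configuration) rather than at the analysis clients.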
