Add hard-coded field to ra

jonas.b.kunze at jonas.b.kunze at
Thu Jan 7 03:30:00 EST 2021

Hey everyone,

I am currently running some experiments with argus. For example, I take 
pcaps, inject different attacks into the pcap, read the pcap with 
argus/ra and send the results to a remote processing pipeline via ncat. 
At this point I have to tell the remote peer which experiment is 
currently being run, i.e. which attack was injected, so that the data is 
stored correctly.
   Pseudo code:

> argus -r genuine.pcap | ra "genuine" -c, | ncat $ip $port

> # Inject DDos Attack into genuine.pcap
> argus -r ddos.pcap | ra "ddos" -c, | ncat $ip $port

> # Inject PortScan Attack into genuine.pcap > argus -r portscan.pcap | 
> ra "portscan" -c, | ncat $ip $port

Is there any way I can add a hard coded "label" field like that to the 
argus data?

Thank you very much!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the argus mailing list