Add hard-coded field to ra
jonas.b.kunze at stud.h-da.de
Thu Jan 7 03:30:00 EST 2021
Hey everyone,
I am currently running some experiments with argus. For example, I take
pcaps, inject different attacks into the pcap, read the pcap with
argus/ra and send the results to a remote processing pipeline via ncat.
At this point I have to tell the remote peer which experiment is
currently being run, i.e. which attack was injected, so that the data is
stored correctly.
Pseudo code:
> argus -r genuine.pcap | ra "genuine" -c, | ncat $ip $port
> # Inject DDoS Attack into genuine.pcap
> argus -r ddos.pcap | ra "ddos" -c, | ncat $ip $port
> # Inject PortScan Attack into genuine.pcap
> argus -r portscan.pcap | ra "portscan" -c, | ncat $ip $port
Is there any way I can add a hard-coded "label" field like that to the
argus data?
Thank you very much!
Jonas