[SecViz] source / destination confusion

Raffael Marty raffy at raffy.ch
Thu Oct 4 16:47:51 EDT 2012


Various ways to do it:

ragator -r file.argus - ... -c,

if you have an argus file already. Otherwise

argus -r file.pcap -w - | ragator -c,
argus -r file.pcap -w - | radump ... -c,

Or if you don't want to use ragator or radump, you can just use ra, I think. Lookup the commands to find the right command line to extract only the columns that you want.

Hope this helps



Raffael Marty
ceo @ pixlcloud http://pixlcloud.com
@raffaelmarty http://raffy.ch

On Oct 4, 2012, at 1:18 PM, Richard Feist <RFeist at pggwrightson.co.nz> wrote:

> I am just starting to use argus / afterglow , so playing catchup


> My immediate issue is “source / destination confusion” (thx marty) … anyone point me in the best direction to solving this with argus (3.0.6), im messing with racluster but not got it right yet ?


> richard





> PGG Wrightson is New Zealand’s leading provider to the agricultural sector. Please visit www.pggwrightson.co.nz for our wide range of products, services and solutions. This email is intended solely for the intended recipient and may be confidential. If you receive this email in error please immediately notify the sender and delete the email. Please consider the environment before printing this email


> _______________________________________________

> SecViz-Visualization mailing list

> SecViz-Visualization at secviz.org

> http://eight.pairlist.net/mailman/listinfo/secviz-visualization

More information about the SecViz-Visualization mailing list