Add to collection(s) Add to saved
  1. Engineering & Technology
  2. Computer Science
  3. Computer Networks

doc

advertisement 
A
rgus is the network Audit Record Generation and Utilization System, a Real Time
Flow Monitor that is designed to perform comprehensive data network traffic auditing.
“The Argus Open Project is focused on developing network activity audit strategies that can
do real work for the network architect, administrator and network user.”
Features of Argus:
-Argus currently runs on Linux
we use VMware Player run a virtual machine on Windows
Running Argus :Argus is run either as a persistant daemon, reading live packets from a
network interface, or as a user program, reading packets from a packet
capture file.
The default, i.e. when it is run without any configuration, is to run as a
daemon.
Commands to run argus argus -e `hostname` -P 561 -U128 -mRS 30 -w
$ARGUSHOME/argus.out then interface eth1 is up
Specify the source identifier for this argus. Acceptable values are numbers, hostnames or
ip address.
Specifies the <portnum =561> for remote client connection.
To capture 128 bytes of User data for each transaction.
-m To tell Argus to include the MAC addresses in each network
flow transaction report.
-r To cause Argus to generate response time data network flows.
This will generate more audit records per flow for flows like ICMP
echo request/response flows
-s  To have Argus generate status records for active network
flows every 30 seconds, which may be useful for some flow analysis
techniques.
Write transaction status records to $ARGUSHOME/argus.out
- Network Traffic Flows
Argus is a fixed-model Real Time Flow Monitor designed to track and report on the status
and performance of all network transactions seen in a data network traffic stream...
Commands of argus.
ra  parses and filters Argus data
1- ra (read Argus), is the principal program for reading and printing
Argus data.
 Ra –r filename
2- ra -nr $ARGUSHOME/argus.out -s saddr sport daddr dport
racluster  aggregates Argus data
3-
Use racluster() to generate the counts you are looking for:
 Racluster –m proto –r $ARGUSHOME/argus.out –s proto spkts dpkts
sbytes dbytes
Resort  sorts the output on an arbitrary field
4- rasort() sorts Argus data records, based on a large number of sorting
criteria. The criteria are: startime, lasttime, duration, srcaddr,
dstaddr, proto, sport, dport, stos, dtos, sttl, dttl, bytes,
srcbytes, dstbytes, packets, srcpackets and dstpackets.
rasort sorts based on the order of selection criteria on the command
line, which defines the sorting precedence.
 rasort -s dstaddr -s dport -s packets -r $ARGUSHOME/argus.out –
tcp
This will sort the tcp based transaction records that are in Argus
5-
parses and splits Argus data (time-based, for example)
 rabins -M time 5m soft zero -r $ARGUSHOME/argus.out
- Graphical Analysis
Argus also supports graphical analysis of your network data. For example, the following commands will give you a graphical analysis of the specified ports.
graphically illustrates an analysis of the protocols that are used in the “Protocol Distribution
on the Network” box by ragraph
Related documents
Lexington Corporate Properties Trust
Lexington Corporate Properties Trust
My powerpoint - WordPress.com
My powerpoint - WordPress.com
ARGUS HIGH SCHOOL 1 st Week of School Advisory
ARGUS HIGH SCHOOL 1 st Week of School Advisory
Vacancy: Javascript Developer
Vacancy: Javascript Developer
current event analysis
current event analysis
Argus Hardware and Software Complex for Detecting Computer
Argus Hardware and Software Complex for Detecting Computer
Data Management in Pharmacovigilance
Data Management in Pharmacovigilance
New Patient Information Sheet & consent form combined
New Patient Information Sheet & consent form combined
MACYS INC
MACYS INC
nucor corp - Washburn University
nucor corp - Washburn University
Argus Responds to Customer Needs With Tempest
Argus Responds to Customer Needs With Tempest
Simulating Human Users in Dynamic Environments A dissertation
Simulating Human Users in Dynamic Environments A dissertation
Download
advertisement