GSP
Quick Navigator

Search Site

Unix VPS
A - Starter
B - Basic
C - Preferred
D - Commercial
MPS - Dedicated
Previous VPSs
* Sign Up! *

Support
Contact Us
Online Help
Handbooks
Domain Status
Man Pages

FAQ
Virtual Servers
Pricing
Billing
Technical

Network
Facilities
Connectivity
Topology Map

Miscellaneous
Server Agreement
Year 2038
Credits
 

USA Flag

 

 

Man Pages
RADUMP(1) FreeBSD General Commands Manual RADUMP(1)

radump - tcpdump processing of the user data buffers from an argus(8) data file/stream.

radump -r argus-file [raoptions] [-- filter-expression]

Radump reads argus data from an argus data stream or file, and prints out tcpdump style decoding of the user data buffers.

Radump, like all ra based clients, supports a number of ra options including filtering of input argus records through a terminating filter expression. See ra(1) for a complete description of ra options.

This example dumps the user capture buffers of arp traffic seen in the file. When there is no user buffer, or if the decoder can;t decode it, the length will 0.
% radump -r argus.file -s suser:64 duser:64 -N 5 - arp
                           srcUdata                                          dstUdata
  s[38]="who-has 192.168.0.66 tell 192.168.0.68"        d[36]="192.168.0.68 is-at c8:2a:14:58:7a:55"                    
  s[37]="who-has 192.168.0.1 tell 192.168.0.68"         d[36]="192.168.0.68 is-at 80:71:1f:3c:c3:88"                    
  s[37]="who-has 192.168.0.1 tell 192.168.0.66"          d[0]=""                                                        
  s[37]="who-has 192.168.0.1 tell 192.168.0.78"          d[0]=""                                                        
  s[38]="who-has 192.168.0.34 tell 192.168.0.66"         d[0]="" 

This example decodes the user capture buffers of DNS traffic seen in the file.

% radump -s stime pkts suser:64 duser:64 -r ~/argus/data/argus*00.out.gz - port domain
      StartTime  TotPkts                                 srcUdata                                         dstUdata                                  
17:48:36.589949        2  s[37]="48936+ [_] A? www.cylab.cmu.edu. (35)"          d[32]="48936 1/3/0 A 128.2.129.188 (64)"                        
17:48:36.590557        2  s[30]="3018+ [_] A? qosient.com. (29)"                 d[31]="3018 1/2/0 A 216.92.14.146 (64)"                         
17:48:36.708172        2  s[39]="27243+ [_] A? ajax.googleapis.com. (37)"        d[26]="27243 2/4/4 CNAME[|domain]"                              
17:48:36.776033        2  s[31]="45149+ [_] A? nsmwiki.org. (29)"                d[33]="45149 1/3/0 A 69.163.152.168 (64)"                       
17:48:36.776501        2  s[40]="51781+ [_] A? www.surveymonkey.com. (38)"       d[31]="51781 1/13/0 A 75.98.93.51 (64)"                         
17:48:36.776655        2  s[31]="38953+ [_] A? www.cmu.edu. (29)"                d[51]="38953 3/2/1 CNAME WWW-CMU.ANDREW.cmu.edu.,[|domain]"     
17:48:36.777014        2  s[32]="64748+ [_] A? www.cert.org. (30)"               d[33]="64748 1/2/0 A 192.88.209.244 (64)"                       
17:48:36.978293        2  s[44]="53009+ [_] A? www.google-analytics.com. (42)"   d[27]="53009 17/4/4 CNAME[|domain]"            

This example decodes the user capture buffers of HTTP traffic seen in the file.

radump -s stime proto dport pkts suser:32 duser:32 -r ~/argus/data/argus*00.out.gz -L0 -N5 - port http
      StartTime  Proto Dport  TotPkts                 srcUdata                            dstUdata                  
17:48:36.592155    tcp  http       27  s[32]="GET /research/cydat.html"  d[32]="HTTP/1.1 200 OK..Date: M"
17:48:36.632662    tcp  http       24  s[32]="GET /argus/ HTTP/1.1..Ho"  d[32]="HTTP/1.1 200 OK..Date: M"
17:48:36.705481    tcp  http       23  s[32]="GET /files/css/public.cs"  d[32]="HTTP/1.1 200 OK..Date: M"
17:48:36.705669    tcp  http       11  s[32]="GET /files/css/public_1c"  d[32]="HTTP/1.1 200 OK..Date: M"
17:48:36.705987    tcp  http       15  s[32]="GET /files/js/home.js HT"  d[32]="HTTP/1.1 200 OK..Date: M"

Copyright (c) 2000-2016 QoSient. All rights reserved.

Carter Bullard (carter@qosient.com).

ra(1), rarc(5), argus(8)
07 November 2000 radump 3.0.8

Search for    or go to Top of page |  Section 1 |  Main Index

Powered by GSP Visit the GSP FreeBSD Man Page Interface.
Output converted with ManDoc.