radump(1)

1RADUMP(1)                   General Commands Manual                  RADUMP(1)
2
3
4

NAME

6       radump  -  tcpdump processing of the user data buffers from an argus(8)
7       data file/stream.
8
9

SYNOPSIS

11       radump -r argus-file [raoptions] [-- filter-expression]
12
13

DESCRIPTION

15       Radump reads argus data from an argus data stream or file,  and  prints
16       out tcpdump style decoding of the user data buffers.
17

OPTIONS

19       Radump,  like  all  ra  based  clients, supports a number of ra options
20       including filtering of input argus records through a terminating filter
21       expression.  See ra(1) for a complete description of ra options.
22
23

EXAMPLE INVOCATION

25       This  example dumps the user capture buffers of arp traffic seen in the
26       file.  When there is no user buffer, or if the decoder can;t decode it,
27       the length will 0.
28
29       % radump -r argus.file -s suser:64 duser:64 -N 5 - arp
30                                  srcUdata                                          dstUdata
31         s[38]="who-has 192.168.0.66 tell 192.168.0.68"        d[36]="192.168.0.68 is-at c8:2a:14:58:7a:55"
32         s[37]="who-has 192.168.0.1 tell 192.168.0.68"         d[36]="192.168.0.68 is-at 80:71:1f:3c:c3:88"
33         s[37]="who-has 192.168.0.1 tell 192.168.0.66"          d[0]=""
34         s[37]="who-has 192.168.0.1 tell 192.168.0.78"          d[0]=""
35         s[38]="who-has 192.168.0.34 tell 192.168.0.66"         d[0]=""
36
37       This  example  decodes  the user capture buffers of DNS traffic seen in
38       the file.
39
40       % radump -s stime pkts suser:64 duser:64 -r ~/argus/data/argus*00.out.gz - port domain
41             StartTime  TotPkts                                 srcUdata                                         dstUdata
42       17:48:36.589949        2  s[37]="48936+ [_] A? www.cylab.cmu.edu. (35)"          d[32]="48936 1/3/0 A 128.2.129.188 (64)"
43       17:48:36.590557        2  s[30]="3018+ [_] A? qosient.com. (29)"                 d[31]="3018 1/2/0 A 216.92.14.146 (64)"
44       17:48:36.708172        2  s[39]="27243+ [_] A? ajax.googleapis.com. (37)"        d[26]="27243 2/4/4 CNAME[|domain]"
45       17:48:36.776033        2  s[31]="45149+ [_] A? nsmwiki.org. (29)"                d[33]="45149 1/3/0 A 69.163.152.168 (64)"
46       17:48:36.776501        2  s[40]="51781+ [_] A? www.surveymonkey.com. (38)"       d[31]="51781 1/13/0 A 75.98.93.51 (64)"
47       17:48:36.776655        2  s[31]="38953+ [_] A? www.cmu.edu. (29)"                d[51]="38953 3/2/1 CNAME WWW-CMU.ANDREW.cmu.edu.,[|domain]"
48       17:48:36.777014        2  s[32]="64748+ [_] A? www.cert.org. (30)"               d[33]="64748 1/2/0 A 192.88.209.244 (64)"
49       17:48:36.978293        2  s[44]="53009+ [_] A? www.google-analytics.com. (42)"   d[27]="53009 17/4/4 CNAME[|domain]"
50
51       This example decodes the user capture buffers of HTTP traffic  seen  in
52       the file.
53
54       radump -s stime proto dport pkts suser:32 duser:32 -r ~/argus/data/argus*00.out.gz -L0 -N5 - port http
55             StartTime  Proto Dport  TotPkts                 srcUdata                            dstUdata
56       17:48:36.592155    tcp  http       27  s[32]="GET /research/cydat.html"  d[32]="HTTP/1.1 200 OK..Date: M"
57       17:48:36.632662    tcp  http       24  s[32]="GET /argus/ HTTP/1.1..Ho"  d[32]="HTTP/1.1 200 OK..Date: M"
58       17:48:36.705481    tcp  http       23  s[32]="GET /files/css/public.cs"  d[32]="HTTP/1.1 200 OK..Date: M"
59       17:48:36.705669    tcp  http       11  s[32]="GET /files/css/public_1c"  d[32]="HTTP/1.1 200 OK..Date: M"
60       17:48:36.705987    tcp  http       15  s[32]="GET /files/js/home.js HT"  d[32]="HTTP/1.1 200 OK..Date: M"
61
62

COPYRIGHT

64       Copyright (c) 2000-2016 QoSient. All rights reserved.
65
66

AUTHORS

68       Carter Bullard (carter@qosient.com).
69