rahosts (1) - Linux Manuals


NAME

rahosts - report network addresses in argus(8) data.

COPYRIGHT

Copyright (c) 2000-2003 QoSient. All rights reserved.

SYNOPSIS

rahosts [ra-options] -M modes [ expression ]

DESCRIPTION

Rahosts reads argus(8) data from an argus data source and outputs a sorted list of network addresses. Based on user-supplied criteria, rahosts can generate lists of IP addresses and/or MAC addresses, if available. With IP addresses, rahosts can track the full network and host address, or any network address, based on the mode indicated.

Like all ra-based clients, rahosts supports a large number of options, configuration through .rarc files, and input filtering using the terminating filter expression.

See the ra(1) man page for details on ra-options and expression syntax.

RAHOSTS SPECIFIC OPTIONS

-M mode
Specify mode of operation. Supported address modes are ip, ether and all address types. The default is to output IP addresses. When IP addresses are being processed, the network address can be specified with the additional modes class, classA, classB and classC.

EXAMPLES

By default, rahosts will output the unique IP addresses seen in an argus data stream. Using the -M mode options, you can output all unique class B network addresses that access the server narly.wave.com:

rahosts -r argus.data -M classB host narly.wave.com

Print the Ethernet addresses used to support the HTTP service:

rahosts -r argus.data -M ether dst port http
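
The effect of the network address modes on a set of host addresses, as an added illustration in Python (not rahosts source code and not part of the original manual). It assumes classA, classB and classC correspond to the classful /8, /16 and /24 masks and that class applies each address's natural class; the function names and sample addresses are constructed for the example.

```python
import ipaddress

# Classful prefix lengths; tying them to the -M mode names is an assumption.
FIXED_PREFIX = {"classA": 8, "classB": 16, "classC": 24}


def natural_prefix(addr):
    """Prefix length implied by the leading bits of a classful IPv4 address."""
    first_octet = int(addr) >> 24
    if first_octet < 128:   # 0xxxxxxx: class A
        return 8
    if first_octet < 192:   # 10xxxxxx: class B
        return 16
    if first_octet < 224:   # 110xxxxx: class C
        return 24
    return 32               # class D/E has no network part; keep the address


def network_address(ip, mode):
    """Reduce one IPv4 address to the address reported under the given mode."""
    addr = ipaddress.IPv4Address(ip)
    if mode == "ip":
        return str(addr)
    if mode == "class":
        prefix = natural_prefix(addr)
    elif mode in FIXED_PREFIX:
        prefix = FIXED_PREFIX[mode]
    else:
        raise ValueError("unsupported mode: " + mode)
    mask = (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF
    return str(ipaddress.IPv4Address(int(addr) & mask))


def unique_sorted(ips, mode):
    """Unique addresses for the mode, sorted numerically rather than as text."""
    nets = {network_address(ip, mode) for ip in ips}
    return sorted(nets, key=lambda n: int(ipaddress.IPv4Address(n)))


# Constructed sample of source addresses (documentation and private ranges).
SAMPLE = ["192.0.2.10", "192.0.2.77", "198.51.100.5",
          "10.1.2.3", "10.200.0.9", "172.16.5.4", "172.16.9.1"]

if __name__ == "__main__":
    for mode in ("ip", "class", "classA", "classB", "classC"):
        print(mode, unique_sorted(SAMPLE, mode))
```

Seven hosts collapse to five entries under classB, which is why the network modes suit a first pass over the clients of a busy server before drilling down with the default ip mode.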

AUTHORS

Carter Bullard (carter [at] qosient.com).

SEE ALSO

ra(1), rarc(5),