NAME¶
rahosts - report network addresses in
argus(8) data.
COPYRIGHT¶
Copyright (c) 2000-2003 QoSient. All rights reserved.
SYNOPSIS¶
rahosts [ra-options]
-M modes [
expression ]
DESCRIPTION¶
Rahosts reads
argus(8) data from an
argus data source, and
outputs a list of sorted network addresses. Based on user supplied criteria,
rahosts can generate lists of IP addresses and/or MAC addresses, if
available. With IP addresses,
rahosts can track the full network and
host address, or any network address, based on the
mode indicated.
Like all ra based clients,
rahosts supports a large number of options,
configuration through .rarc files, and input filtering using the terminating
filter
expression.
See the
ra(1) man page for details on
ra-options and
expression syntax.
RAHOSTS SPECIFIC OPTIONS¶
- -M mode
- Specify mode of operation. Supported address modes are ip,
ether and all address types. The default is to output
IP addresses. When IP Addresses are being processed, the network
address can be specified with the additional modes class,
classA, classB and classC.
EXAMPLES¶
By default,
rahosts will output the unique IP addresses seen in an argus
data stream. Using the -M mode options you can output all unique class B
network addresses that access the server narly.wave.com:
rahosts -r argus.data -M classB host narly.wave.com
Print the
ethernet addresses used to support the HTTP service.
rahosts -r argus.data -M ether dst port http
AUTHORS¶
Carter Bullard (carter@qosient.com).
SEE ALSO¶
ra(1),
rarc(5),