argus
Argus is an IP transaction auditing tool that categorizes IP packets which match the boolean expression into a protocol-specific network transaction model. Argus reports on the transactions that it discovers, as they occur. Designed to run as a daemon, argus generally reads packets directly from a network interface, and writes the transaction status information to a log file or open socket connected to an argus client (such as ra(1)). Argus can also read packet information from tcpdump(1) , snoop(1) or NLANR's Moat Time Sequence Header raw packet files. Argus can also be configured to write its transaction logs to stdout. Argus provides access control for its socket connection facility using tcp_wrapper technology. Please refer to the tcp_wrapper distribution for a complete description.
History