pengiran | 9 Feb 16:22

how to filter arp, llc, loop, ospf.

Hi all,

I want to record traffic for a period of time. Currently I manage to have 4 sensors and 1 database server. All the traffic has been collected and inserted into the database by rasqlinsert.

I want to filter the traffic with the proto = arp, llc, loop, ospf.

I know we can use "- ip proto not icmp " and "argus.out "not icmp" as filter. When I try to change the protocol to "ospf", argus runs smoothly and reading using ra doesn't show any ospf record. But when I try to change to llc, loop, argus simply did not start (check /var/run and using "ps aux | grep argus").


Please guide me.

Thanks

Regards,
Peng

