Rwhois testing
Jeff Weisberg
jaw+arguslist at tcp4me.com
Tue Apr 27 15:55:41 EDT 2004
| for rwhois testing, I've been using the method i suggested (in the
| archives).
|
| Recently, i became aware that under corrupt conditions, the rwhois server
| will display it's banner, but fail to produce any results when quering for
| an ip. I altered the method to readhow => "toeof", and i changed my config
| to:
| Service TCP/Rwhois {
| hostname: a.rwhois.broadviewnet.net
| send: 172.16.35.2\r\n
| expect: %ok
| }
|
| this seems to be working well; my question is: how can i merge these two
| together ?
| i.e. when my config reads:
| Service TCP/Rwhois {
| hostname: a.rwhois.broadviewnet.net
| }
| Argus shows the object down ...because TCP timeout: expecting
|
| tcp::rbuffer clearly has the banner -- can i do something in the Rwhois
| method to make the socket close while not impacting my new functionality?
I'm not sure I understand.
sometimes you want to connect and read the banner, other times you
want to send something and read until eof?
put the correct 'readhow: banner' or 'readhow: eof' in your config.
Service TCP/Rwhois {
hostname: a.rwhois.broadviewnet.net
readhow: banner
}
--jeff
More information about the Arguslist
mailing list