/*
 * Argus-5.0 Client Software. Tools to read, analyze and manage Argus data.
 * Copyright (c) 2000-2024 QoSient, LLC
 * All rights reserved.
 *
 * THE ACCOMPANYING PROGRAM IS PROPRIETARY SOFTWARE OF QoSIENT, LLC,
 * AND CANNOT BE USED, DISTRIBUTED, COPIED OR MODIFIED WITHOUT
 * EXPRESS PERMISSION OF QoSIENT, LLC.
 *
 * QOSIENT, LLC DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS
 * SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
 * AND FITNESS, IN NO EVENT SHALL QOSIENT, LLC BE LIABLE FOR ANY
 * SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER
 * IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION,
 * ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF
 * THIS SOFTWARE.
 *
 *  radump -  decode argus record captured user data
 *  
 *  Author: Carter Bullard carter@qosient.com
 */


This directory contains source code for radump.1, an example program that
processes the user data found in argus records, and decodes them using
the style of tcpdump.

The basic idea is that argus has parsed all the traditional transport
headers, TCP, UDP, ICMP, etc ... and the payload data that argus can
capture is a binary copy of the data in the packet found just after these
transport headers.  Tcpdump, has printing routines for payloads, generally
categorized by transport protocol type and port numbers.  Because this
data is available in argus flow status records, the tcpdump " printers "
can be used, with only minor modification.

Because argus data usually does not capture the complete packet payload,
the routines must ensure that they deal with truncation well.  Tcpdump
generally does a great job at this.

Radump.1 is an example, and as such, you should be able to add your own
decoders, pretty quickly.  Use one of the ones provided in the example
as a guide.

See the manpage for radump.1 for details.
