#Tool
Argus

#Link
https://openargus.org/

#Description
Argus is a data network transaction auditing tool that categorizes and tracks network packets matching a libpcap filter expression into a protocol-specific network flow transaction model. Argus reports on the transactions it discovers as periodic network flow data, suitable for historical and near real-time processing for forensics, trending and alarm/alerting.
Here, Argus is used to extract 120+ flow-based features from the saved capture.

#Usage
Argus is used in two steps. First, the argus program converts the pcap file from the tcpdump folder into a .argus file. For this step, the following command has been executed:

argus -r capture.pcap -w output.argus

After getting the argus file, the next step is to keep only the wanted features. To achieve this, the following command using the ra (read argus data) program has been executed:

ra -r output.argus > output.csv

This command uses a .rarc configuration file to determine the output fields. In our case (see the .rarc file), we have decided to save all the possible features.
Link to manuals: https://qosient.com/argus/manuals.shtml
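As an added example (not part of these notes or of the Argus project), a Python wrapper that runs the two steps above and then loads the resulting CSV, rejecting rows whose field count does not match the label line. It assumes ra's -F option selects the .rarc file, that -c , sets a comma delimiter, and that the .rarc makes ra print a label line first; the sample ra output below is constructed.

```python
"""pcap -> .argus -> csv feature extraction with a consistency check on the result."""
import csv
import io
import shutil
import subprocess
from pathlib import Path


def run_argus_pipeline(pcap: Path, argus_out: Path, csv_out: Path,
                       rarc: Path = Path(".rarc")) -> None:
    """Step 1: argus builds the flow file; step 2: ra writes the selected features.

    Assumed (not stated on the page): ra accepts -F <conffile> to pick the .rarc
    and -c <char> to set the output delimiter.
    """
    for tool in ("argus", "ra"):
        if shutil.which(tool) is None:
            raise RuntimeError(f"{tool} not found in PATH")
    subprocess.run(["argus", "-r", str(pcap), "-w", str(argus_out)], check=True)
    with csv_out.open("w") as fh:
        subprocess.run(["ra", "-F", str(rarc), "-c", ",", "-r", str(argus_out)],
                       check=True, stdout=fh)


def parse_ra_csv(text: str) -> list[dict]:
    """Load ra's delimited output: first line = field labels, then one flow per line.

    Numeric features become int/float; a row with the wrong field count is rejected
    rather than silently shifting every later feature by one column.
    """
    reader = csv.reader(io.StringIO(text))
    header = [h.strip() for h in next(reader)]
    rows = []
    for lineno, fields in enumerate(reader, start=2):
        if len(fields) != len(header):
            raise ValueError(f"line {lineno}: {len(fields)} fields, header has {len(header)}")
        row = {}
        for name, value in zip(header, fields):
            value = value.strip()
            for cast in (int, float):
                try:
                    value = cast(value)
                    break
                except ValueError:
                    continue
            row[name] = value
        rows.append(row)
    return rows


# Constructed sample of comma-delimited ra output (labels like ra's default fields).
SAMPLE_RA_OUTPUT = """\
StartTime,Flgs,Proto,SrcAddr,Sport,Dir,DstAddr,Dport,TotPkts,TotBytes,State
12:00:01.000000, e ,tcp,10.0.0.5,51234,->,10.0.0.9,443,12,3480,CON
12:00:02.500000, e ,udp,10.0.0.5,53210,<->,10.0.0.1,53,2,180,CON
"""
```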

#Input
capture_date.pcap from the tcpdump folder.

#Output
capture_date.argus, kept in case a different output is wanted from the read argus (ra) program.
capture_date.csv as the final output file with all the possible features.

#Extra configuration files
.rarc with the configuration used to run the read argus (ra) program.
