More Questions

Chas DiFatta cd at ipwks.net
Thu Mar 25 11:51:34 EST 1999 

Please forgive me for joining the discussion late, but this has been
a hell of a few days.

You may be seeing the keepalives within ssh.  Depending on the reporting
period you have the daemon set to (default 120 sec for tcp) and ssh
it may appear that you have different type of argus records for the 
duration of your session.

	...cd

p.s. i can try to verify this

> -----Original Message-----
> From: owner-argus at lists.andrew.cmu.edu
> [mailto:owner-argus at lists.andrew.cmu.edu]On Behalf Of Kevin C Miller
> Sent: Tuesday, March 23, 1999 3:29 PM
> To: argus at lists.andrew.cmu.edu
> Subject: More Questions
> 
> 
> I have another question regarding date/time. I've been collecting stats
> on a low-bandwidth net for awhile and am just starting to play with the
> data. Yesterday we had a connection which first appears here:
> 
> rymon.net.cmu.edu# ra -r /home/argus/logs/lister.log.19990322 -c -n -t
> 03/22/99.8:35-03/22/99.8:40
> 
> [snip]
> Mon 03/22 08:39:32 *    tcp      128.2.6.64.33594  ->       128.2.6.2.22
>    15929  16572   2063955   3828550  CLO
> ---
> So apparently this is a 'normal' SSH connection except that there were
> packet retransmissions.
> 
> This is the first five minute period I see this, however I continue
> seeing it listed throughout the day, until the 18:25-18:30 period.
> 
> rymon.net.cmu.edu# ra -r /home/argus/logs/lister.log.19990322 -c -n -t
> 03/22/99.18:20-03/22/99.18:25
> 
> [snip]
> Mon 03/22 08:39:32 *    tcp      128.2.6.64.33594  ->       128.2.6.2.22
>    15929  16572   2063955   3828550  CLO
> 
> ---
> 
> So, does this indicate that packets from this transmission were being
> re-transmitted throughout the day?
> 
> Related Question: Is there any functionality at present to apply the
> time specified by -t only to the beginning of transactions? I would like
> to count transactions only once, and this seems like an appropriate way.
> If it isn't possible with the current release, I'll look into adding an
> option to do this.
> 
> Kevin
> 
> 
> 
> ====================================================================
> Kevin C. Miller   -   Carnegie Mellon University   -       Sophomore
> kevinm at abtech.org -   School of Computer Science   -    412-862-3487
> --------------------------------------------------------------------
>

More information about the argus mailing list