Reversed udp addresses
Russell Fulton
r.fulton at auckland.ac.nz
Wed May 12 23:13:13 EDT 1999
Hi All,
this is a followup to the message I sent to the list earlier
today. I have been thinking about this a little more and another issue
has occurred to me.
Unless I am mistaken (always possible, even probable ;-) when the
server is not in detail mode and we have a udp flow which exchanged
data in both directions then there is no way of knowing who initiated
the exchange. i.e. who sent the first packet.
I assert that this is not a desirable state of affairs.
If I am right then the question remains: How best to tag the initiator
of udp flows?
One posibility would be to set the source and destination for the flow
from the first packet seen rather than on the magnitude of the port
numbers as argus does now.
Any other thoughts?
Cheers, Russell.
More information about the argus
mailing list