Time stamps in argus records
Russell Fulton
r.fulton at auckland.ac.nz
Thu Sep 23 00:23:30 EDT 1999
Hi All,
A quick query about the argus time stamps: I had assumed that
for tcp traffic the start time was the start time for the session as a
whole but on examining real output from ra I see I am clearly mistaken.
So, what are the start and last times? Presumably the times for this
particular argus record.
I was looking for a way of detecting long running tcp sessions without
going to the bother of maintaining state info in the script which
postprocessed the ra output. I thought, that's easy just use -g but
the longest time I got was approx. 2 minutes. Then I had a look at the ra
times for the sessions and realised they incremented each record.
Sigh...
Russell.