latest watcher script <fwd>
Carter Bullard
carter at qosient.com
Fri Aug 4 22:05:24 EDT 2000
Hey Russell,
The '*' means that the port value is zero. We use
zero when we merge Argus records together, so for ra()
a zero in a port field could represent a real zero or
a condition where it was several numbers merged together.
So we report a meta-character rather than the value.
Carter
-----Original Message-----
From: owner-argus at lists.andrew.cmu.edu
[mailto:owner-argus at lists.andrew.cmu.edu]On Behalf Of Russell Fulton
Sent: Friday, August 04, 2000 9:08 PM
To: Argus (E-mail)
Subject: Re: latest watcher script <fwd>
Hi All,
Anyone have any idea why the port in this line is reported with
a *? I'll patch my script to handle it but I do wonder what it means.
Russell
--- Begin Forwarded Message ---
Date: Fri, 4 Aug 2000 12:00:38 +0100
From: Neil Long <neil.long at computing-services.oxford.ac.uk>
Subject: Re: latest watcher script
Sender: Neil Long <neil.long at computing-services.oxford.ac.uk>
To: Russell Fulton <r.fulton at auckland.ac.nz>
Reply-To: Neil Long <neil.long at computing-services.oxford.ac.uk>
Message-ID: <1000804120039.ZM6935 at ratbert.oucs.ox.ac.uk>
Tell a lie
dstport in store = '*'
04 Aug 00 10:42:19 udp 163.1.227.164.1522 -> 211.44.120.11.*
TIM
Argument "*" isn't numeric in gt at ./watcher-newest.pl line 184, <RA>
chunk 13712.
well done - now what?
Cheers
Neil
--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Dr Neil J Long, Computing Services, University of Oxford
13 Banbury Road, Oxford, OX2 6NN, UK Tel:+44 1865 273232 Fax:+44 1865
273275
EMail: Neil.Long at computing-services.oxford.ac.uk
PGP: ID 0xE88EF71F OxCERT: oxcert at ox.ac.uk PGP: ID 0x4B11561D
--- End Forwarded Message ---
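
One way a script that reads ra() output can cope with the '*' port described in the reply above, as an added example that is not code from watcher-newest.pl or from the Argus distribution. The column layout, the helper names and the 1023 threshold are assumptions, and the second sample record is constructed.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Split an ra() "address.port" field into its parts. A '*' port is the
# meta-character for "zero, possibly several ports merged", so it is kept
# apart from real numbers: port stays undef and merged is set.
sub split_endpoint {
    my ($field) = @_;
    my ($addr, $port) = $field =~ /^(\d+(?:\.\d+){3})(?:\.(\d+|\*))?$/
        or return;
    my $merged = (defined $port && $port eq '*') ? 1 : 0;
    return +{ addr => $addr, port => ($merged ? undef : $port), merged => $merged };
}

# Assumed column layout, taken from the single record quoted in the thread:
# date time proto src direction dst [state]
sub parse_ra_line {
    my ($line) = @_;
    my ($proto, $src, $dst) = $line =~
        /^\s*\d+ \w+ \d+ [\d:]+\s+(\S+)\s+(\S+)\s+\S+\s+(\S+)/
        or return;
    my $s = split_endpoint($src) or return;
    my $d = split_endpoint($dst) or return;
    return +{ proto => $proto, src => $s, dst => $d };
}

my $HIGH_PORT = 1023;    # hypothetical threshold, not taken from the script

my @sample = (
    '04 Aug 00 10:42:19 udp 163.1.227.164.1522 -> 211.44.120.11.*',   # from the thread
    '04 Aug 00 10:42:20 tcp 192.0.2.10.40000 -> 192.0.2.20.80',       # constructed
);

for my $line (@sample) {
    my $rec = parse_ra_line($line) or next;    # skip lines that do not parse
    my $d   = $rec->{dst};
    # Test for the meta-character before any numeric comparison, so the
    # "isn't numeric" warning can never be triggered by '*'.
    my $note = $d->{merged}            ? 'port merged or zero, numeric test skipped'
             : !defined $d->{port}     ? 'no port field'
             : $d->{port} > $HIGH_PORT ? 'high port'
             :                           'low port';
    printf "%s %s -> %s: %s\n", $rec->{proto}, $rec->{src}{addr}, $d->{addr}, $note;
}
```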