Argus 2.0 wishes
Peter Van Epp
vanepp at sfu.ca
Thu Mar 9 12:29:13 EST 2000
An additional 2.0 wish (and a 1.8 question!):
I'd like to see counts added to the icmp type. Currently we don't get an
indication (or I don't know how to query it if we do) for ICMP flows:
Thu 03/09 05:52:28 F icmp 203.108.46.136 <-> 142.58.230.123 1 1 ECO
I've got a packet count, but no indication of how many bytes were in
the packet (from the fragmentation flag one would assume >1500 or a restricted
MTU somewhere but would like to know which).
Then there is a 1.8 question:
Thu 03/09 05:52:25 frag ip 203.108.46.136 -> 142.58.230.123 54016 pk 1 ex 0 ob 156 max 156 TIM
What do the various fields in this frag mean? It doesn't seem to be
in the ra man page (and the source, while obviously a source of the information,
is likely to be a little time consuming). I expect these are the packets
that Neil is referring to when he says the perl script doesn't pick up
fragments (which indeed it won't because there are no obvious counts here and
this may not even be in the parsing script yet).
Peter Van Epp / Operations and Technical Support
Simon Fraser University, Burnaby, B.C. Canada