Argus 2.0 wishes

[Russell Fulton]

On Thu, 9 Mar 2000 09:29:13 -0800 (PST) Peter Van Epp <vanepp at sfu.ca> 
wrote:

> 	An additional 2.0 wish (and a 1.8 question!):
> 
> I'd like to see counts added to the icmp type. Currently we don't get an 
> indication (or I don't know how to query it if we do) for ICMP flows:

Yes please!  I had forgotten about that.

 
> 	Then there is a 1.8 question:
> 
> Thu 03/09 05:52:25 frag  ip  203.108.46.136        ->  142.58.230.123 54016 pk  1  ex    0  ob  156  max  156 TIM
> 
> 	What do the various fields in this frag mean? It doesn't seem to be 
> in the ra man page (and the source while obviously a source of the information
> is a likely to be a little time consuming). I expect these are the packets 
> that Neil is referring to when he says the perl script doesn't pick up 
> fragments (which indeed it won't because there are no obvious counts here and
> this may not even be in the parsing script yet).

I too have puzzled over the fields with Stevens on my lap -- I sort of 
got it figured out but was not confident that I had it right.  A short 
note from Carter to set us right would be great ;-)

This is one of many little improvement that have not made it into the 
man pages and I think it would be a good idea to make a list of them 
and then divide it up amongst those of us who are willing (count me in) 
and get the man pages up to date.

Carter has done a great job with the 1.8 code but, I suspect, like the 
rest of us (well me anyway -- I shouldn't speak for others ;-) he never 
quite makes it to the documentation despite the best of intentions.  

Hmmm... a short turorial would be useful for beginners too.

I would be happy to spend some time on this as my contribution to the 
project.

CHeers, Russell.