1.8.1 and 2.0.0n differences
Russell Fulton
r.fulton at auckland.ac.nz
Mon Oct 9 00:08:00 EDT 2000
Hi Carter,
Here is a short burst of traffic that got reported rather
differently by ra in two different versions of argus.
1.8.1 sets FINWAIT and RST; 2.0.0 just sets EST. What flags were really in
those packets I don't know :( I had thought that the FR records were generated
by lone RST packets in 1.8.
Aside: If anyone has any ideas about the significance of this traffic,
I would be interested. I'm guessing that it is some kind of fallout
from an attack on 209.92.32.58 where packets with our address were
used, but where the 255.255.255.255 record fits in I don't know.
BTW, is there any way we can suppress the usecs on the timestamp?
Cheers, Russell.
argus 1.8.1 ra and server:
09 Oct 00 15:45:27 tcp 209.92.32.58.23402 ?> 130.216.238.253.30286 1 0 0 0 FR
09 Oct 00 15:45:31 tcp 209.92.32.58.17675 ?> 130.216.114.162.56316 1 0 0 0 FR
09 Oct 00 15:45:31 tcp 209.92.32.58.20264 ?> 130.216.25.255.47516 1 0 0 0 FR
09 Oct 00 15:45:31 tcp 255.255.255.255.47516 ?> 209.92.32.58.20264 11 0 0 0 FR
09 Oct 00 15:45:32 tcp 209.92.32.58.39231 ?> 130.216.11.112.60519 1 0 0 0 FR
09 Oct 00 15:45:36 tcp 209.92.32.58.46564 ?> 130.216.73.78.36023 1 0 0 0 FR
09 Oct 00 15:45:39 tcp 209.92.32.58.62393 ?> 130.216.197.183.3900 1 0 0 0 FR
09 Oct 00 15:45:41 tcp 209.92.32.58.61339 ?> 130.216.219.164.34760 1 0 0 0 FR
09 Oct 00 15:45:43 tcp 209.92.32.58.18606 ?> 130.216.233.205.37246 1 0 0 0 FR
09 Oct 00 15:45:45 tcp 209.92.32.58.2192 ?> 130.216.148.72.31029 1 0 0 0 FR
09 Oct 00 15:45:49 tcp 209.92.32.58.61959 ?> 130.216.187.140.43743 1 0 0 0 FR
09 Oct 00 15:45:54 tcp 209.92.32.58.15817 ?> 130.216.101.153.56386 1 0 0 0 FR
09 Oct 00 15:45:55 tcp 209.92.32.58.39971 ?> 130.216.128.106.13535 1 0 0 0 FR
09 Oct 00 15:46:02 tcp 209.92.32.58.7927 ?> 130.216.218.159.42621 1 0 0 0 FR
09 Oct 00 15:46:03 tcp 209.92.32.58.57252 ?> 130.216.216.88.41852 1 0 0 0 FR
09 Oct 00 15:46:12 tcp 209.92.32.58.16216 ?> 130.216.209.234.59282 1 0 0 0 FR
09 Oct 00 15:46:16 tcp 209.92.32.58.4485 ?> 130.216.37.131.25495 1 0 0 0 FR
09 Oct 00 15:46:19 tcp 209.92.32.58.22294 ?> 130.216.47.108.50062 1 0 0 0 FR
09 Oct 00 15:46:19 tcp 209.92.32.58.23073 ?> 130.216.177.48.9923 1 0 0 0 FR
09 Oct 00 15:46:21 tcp 209.92.32.58.19954 ?> 130.216.184.158.51344 1 0 0 0 FR
argus 2.0.0n ra and server:
09 Oct 00 15:45:30.593265 tcp 255.255.255.255.47516 ?> 209.92.32.58.20264 2 0 128 0 R
09 Oct 00 15:45:30.594925 tcp 255.255.255.255.47516 ?> 209.92.32.58.20264 2 0 128 0 R
09 Oct 00 15:45:30.596971 tcp 255.255.255.255.47516 ?> 209.92.32.58.20264 2 0 128 0 R
09 Oct 00 15:45:30.603479 tcp 255.255.255.255.47516 ?> 209.92.32.58.20264 2 0 128 0 R
09 Oct 00 15:45:30.607711 tcp 255.255.255.255.47516 ?> 209.92.32.58.20264 2 0 128 0 R
09 Oct 00 15:45:26.483471 tcp 209.92.32.58.23402 o> 130.216.238.253.30286 1 0 64 0 E
09 Oct 00 15:45:30.500523 tcp 209.92.32.58.17675 o> 130.216.114.162.56316 1 0 64 0 E
09 Oct 00 15:45:30.578579 tcp 209.92.32.58.20264 o> 130.216.25.255.47516 1 0 64 0 E
09 Oct 00 15:45:30.615720 tcp 255.255.255.255.47516 o> 209.92.32.58.20264 1 0 64 0 R
09 Oct 00 15:45:31.220051 tcp 209.92.32.58.39231 o> 130.216.11.112.60519 1 0 64 0 E
09 Oct 00 15:45:35.570946 tcp 209.92.32.58.46564 o> 130.216.73.78.36023 1 0 64 0 E
09 Oct 00 15:45:38.099749 tcp 209.92.32.58.62393 o> 130.216.197.183.3900 1 0 64 0 E
09 Oct 00 15:45:40.127964 tcp 209.92.32.58.61339 o> 130.216.219.164.34760 1 0 64 0 E
09 Oct 00 15:45:42.822609 tcp 209.92.32.58.18606 o> 130.216.233.205.37246 1 0 64 0 E
09 Oct 00 15:45:44.399135 tcp 209.92.32.58.2192 o> 130.216.148.72.31029 1 0 64 0 E
09 Oct 00 15:45:48.444571 tcp 209.92.32.58.61959 o> 130.216.187.140.43743 1 0 64 0 E
09 Oct 00 15:45:53.144832 tcp 209.92.32.58.15817 o> 130.216.101.153.56386 1 0 64 0 E
09 Oct 00 15:45:53.928270 tcp 209.92.32.58.39971 o> 130.216.128.106.13535 1 0 64 0 E
09 Oct 00 15:46:00.997662 tcp 209.92.32.58.7927 o> 130.216.218.159.42621 1 0 64 0 E
09 Oct 00 15:46:02.548518 tcp 209.92.32.58.57252 o> 130.216.216.88.41852 1 0 64 0 E
09 Oct 00 15:46:11.495272 tcp 209.92.32.58.16216 o> 130.216.209.234.59282 1 0 64 0 E
09 Oct 00 15:46:15.690154 tcp 209.92.32.58.4485 o> 130.216.37.131.25495 1 0 64 0 E
09 Oct 00 15:46:18.329050 tcp 209.92.32.58.22294 o> 130.216.47.108.50062 1 0 64 0 E
09 Oct 00 15:46:18.366003 tcp 209.92.32.58.23073 o> 130.216.177.48.9923 1 0 64 0 E
09 Oct 00 15:46:20.319572 tcp 209.92.32.58.19954 o> 130.216.184.158.51344 1 0 64 0 E
09 Oct 00 15:46:22.263408 tcp 209.92.32.58.18024 o> 130.216.31.209.32482 1 0 64 0 E
09 Oct 00 15:46:23.485940 tcp 209.92.32.58.57253 o> 130.216.101.5.53415 1 0 64 0 E
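The two listings above compared flow by flow, as an added example (not part of the message or of argus itself). It assumes the first integer after the destination address is the source packet count and the last token is the state string as ra prints it, and shows that the six 2.0.0n records for the 255.255.255.255 flow add up to the same 11 packets as the single 1.8.1 FR record while reporting a different state.

```python
# Added example (not from the post or the argus project): parse the ra records
# quoted above and compare the two argus versions flow by flow.  Assumed column
# meaning: first integer after the destination = source packets, last = state.
import re
from collections import defaultdict

# Excerpt of the records quoted in the post, constructed here as test input.
RA_181 = """\
09 Oct 00 15:45:27 tcp 209.92.32.58.23402 ?> 130.216.238.253.30286 1 0 0 0 FR
09 Oct 00 15:45:31 tcp 255.255.255.255.47516 ?> 209.92.32.58.20264 11 0 0 0 FR
"""
RA_200 = """\
09 Oct 00 15:45:30.593265 tcp 255.255.255.255.47516 ?> 209.92.32.58.20264 2 0 128 0 R
09 Oct 00 15:45:30.594925 tcp 255.255.255.255.47516 ?> 209.92.32.58.20264 2 0 128 0 R
09 Oct 00 15:45:30.596971 tcp 255.255.255.255.47516 ?> 209.92.32.58.20264 2 0 128 0 R
09 Oct 00 15:45:30.603479 tcp 255.255.255.255.47516 ?> 209.92.32.58.20264 2 0 128 0 R
09 Oct 00 15:45:30.607711 tcp 255.255.255.255.47516 ?> 209.92.32.58.20264 2 0 128 0 R
09 Oct 00 15:45:26.483471 tcp 209.92.32.58.23402 o> 130.216.238.253.30286 1 0 64 0 E
09 Oct 00 15:45:30.615720 tcp 255.255.255.255.47516 o> 209.92.32.58.20264 1 0 64 0 R
"""

# Timestamp with or without usecs, proto, src, dir, dst, four counters, state.
LINE_RE = re.compile(
    r"^(\d\d \w{3} \d\d \d\d:\d\d:\d\d(?:\.\d{1,6})?) (\w+) (\S+) (\S+) (\S+) "
    r"(\d+) (\d+) (\d+) (\d+) (\w+)$")

def parse_line(line):
    """Return (proto, src, dst, spkt, state) for one ra record, else None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    _ts, proto, src, _dir, dst, spkt, _dp, _sb, _db, state = m.groups()
    return proto, src, dst, int(spkt), state

def aggregate(text):
    """Fold records into per-flow totals keyed by (proto, src, dst)."""
    flows = defaultdict(lambda: {"records": 0, "spkt": 0, "states": set()})
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is None:          # skip headings and blank lines
            continue
        proto, src, dst, spkt, state = rec
        f = flows[(proto, src, dst)]
        f["records"] += 1
        f["spkt"] += spkt
        f["states"].add(state)
    return flows

def compare(old_text, new_text):
    """Per flow seen by both versions: (records, spkt, states), old vs new."""
    old, new = aggregate(old_text), aggregate(new_text)
    return {k: ((old[k]["records"], new[k]["records"]),
                (old[k]["spkt"], new[k]["spkt"]),
                (sorted(old[k]["states"]), sorted(new[k]["states"])))
            for k in sorted(set(old) & set(new))}
```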