Extended TCP status bug
Carter Bullard
carter at qosient.com
Mon Sep 11 23:22:48 EDT 2000
Gentle People,
Russell wasn't going bonkers, there was a bug in the
extended TCP status field where the new 'f' was broken,
but now it seems to be better. Out in argus-2.0.0e.
The status field is "sSEfFCR" and they represent the
basic TCP state machine.
s - SYN
S - SYN_ACK
E - ACK (data transfer)
f - FIN_WAIT_1 (saw fin)
F - FIN_WAIT_2 (saw fin ack)
C - Closed (both sides got to F)
R - Reset
There was also a bug in reading packets in files, where
the times can look screwy, this also has been fixed.
Carter
Carter Bullard
QoSient, LLC
300 E. 56th Street, Suite 17A
New York, New York 10022
carter at qosient.com
Phone +1 212 813-9426
Fax +1 212 813-9426
More information about the argus
mailing list