ra.c question
David Brumley
dbrumley at rtfm.stanford.edu
Fri Feb 9 19:08:58 EST 2001
Hi,
I'm a bit unclear in ra.c process_tcp what this logic is for:
this_src_bytes = argus->argus_far.src.bytes;
this_dst_bytes = argus->argus_far.dst.bytes;
if (Aflag && (tcp != NULL)) {
this_src_bytes = tcp->src.ackbytes;
this_dst_bytes = tcp->dst.ackbytes;
}
does argus_far.dst.bytes not always report the correct number of
bytes?
-david
--
#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#
David Brumley - Stanford Computer Security - dbrumley at Stanford.EDU
Phone: +1-650-723-2445 WWW: http://www.stanford.edu/~dbrumley
Fax: +1-650-725-9121 PGP: finger dbrumley-pgp at sunset.Stanford.EDU
#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#
Life is a whim of several billion cells to be you for a while.
More information about the argus
mailing list