Argus release and argus-2.0.0M
Russell Fulton
r.fulton at auckland.ac.nz
Mon Jan 8 18:00:55 EST 2001
On Mon, 8 Jan 2001 18:59:35 -0400 Chris Newton <newton at unb.ca> wrote:
> Please excuse me if this is a stupid question... as I am new to Argus. Great
> work though. :)
Questions are never stupid, answers may be ;-)
>
> I have noticed that when printing out packet and byte counts for the flows,
> I noticed that some flows record at least 1 packet sent/recieved, yet 0 bytes
> sent/recieved.
I assume you are talking about argus 1.8
> I believe this is because the packet had no payload, hence no
> bytes actually transmitted. However, if you were to use Argus to record
> flows, and from these flows determine the utilization of an Internet link,
> with byte counts, would it not be good to have a way of including the packet
> header size as well? ie: 1 ICMP packet/flow is 56 bytes recieved/sent,
> instead of currently printing 0 bytes recieved/sent? Possibly a command line
> option?
Argus 2.0 does this by default, use ra -A (appication bytes) to get the
1.8 behaviour.
Russell Fulton, Computer and Network Security Officer
The University of Auckland, New Zealand
More information about the argus
mailing list