Argus release and argus-2.0.0M
Chris Newton
newton at unb.ca
Mon Jan 8 18:30:26 EST 2001
Ahh, well, yes, I was referring to 1.8. :) I never even thought that it might
have changed between the versions (silly me), and had not yet downloaded it.
Thanks for the info, I'm off to download it!
Chris
>===== Original Message From Russell Fulton <r.fulton at auckland.ac.nz> =====
>On Mon, 8 Jan 2001 18:59:35 -0400 Chris Newton <newton at unb.ca> wrote:
>
>> Please excuse me if this is a stupid question... as I am new to Argus.
Great
>> work though. :)
>
>Questions are never stupid, answers may be ;-)
>
>>
>> I have noticed that when printing out packet and byte counts for the
flows,
>> I noticed that some flows record at least 1 packet sent/recieved, yet 0
bytes
>> sent/recieved.
>
>I assume you are talking about argus 1.8
>
>> I believe this is because the packet had no payload, hence no
>> bytes actually transmitted. However, if you were to use Argus to record
>> flows, and from these flows determine the utilization of an Internet link,
>> with byte counts, would it not be good to have a way of including the
packet
>> header size as well? ie: 1 ICMP packet/flow is 56 bytes recieved/sent,
>> instead of currently printing 0 bytes recieved/sent? Possibly a command
line
>> option?
>
>Argus 2.0 does this by default, use ra -A (appication bytes) to get the
>1.8 behaviour.
>
>
>Russell Fulton, Computer and Network Security Officer
>The University of Auckland, New Zealand
_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/
Chris Newton, Technical Analyst
Computing Services, University of New Brunswick
newton at unb.ca 506-447-3212(voice) 506-453-3590(fax)
More information about the argus
mailing list