where's proto?
Carter Bullard
carter at qosient.com
Fri Jun 1 19:21:32 EDT 2001
Hey Peter,
You're missing the '-I' option field, or indicator field.
How are you calling ra()? Are you using a .rarc type file?
Carter
Carter Bullard
QoSient, LLC
300 E. 56th Street, Suite 18K
New York, New York 10022
carter at qosient.com
Phone +1 212 588-9133
Fax +1 212 588-9134
http://qosient.com
-----Original Message-----
From: owner-argus-info at lists.andrew.cmu.edu
[mailto:owner-argus-info at lists.andrew.cmu.edu] On Behalf Of Peter Van
Epp
Sent: Friday, June 01, 2001 6:56 PM
To: argus
Subject: where's proto?
I'm poking at 2.01 output and perl but the proto field seems to
be
mia. From 1.8.1 output:
Tue 05/29 00:01:28 d tcp 207.34.179.108.4922 -> 142.58.120.21.25
10 17 2169 605 FIN
apparantly the same transaction from 2.0.1, but note the lack of "d"
retrans flag, and in fact the field doesn't appear to be present in
a delimited output ra run:
29 May 01 00:07:40 tcp 207.34.179.108.4922 -> 142.58.120.21.25
10 14 2837 1399 FIN
29 May 01 00:08:02 tcp 207.34.179.108.4922 -> 142.58.120.21.25
0 2 0 224 FIN
29 May 01 00:08:55 tcp 207.34.179.108.4922 -> 142.58.120.21.25
0 1 0 112 FIN
2001-05-29-14:39:59;udp;64.124.83.65;17978;<->;142.58.164.27;6976;ACC
^
I'd expect the proto field to appear here!
Peter Van Epp / Operations and Technical Support
Simon Fraser University, Burnaby, B.C. Canada
More information about the argus
mailing list