where's proto?
Peter Van Epp
vanepp at sfu.ca
Mon Jun 4 11:00:06 EDT 2001
Indeed I am. When I add a -I all is well. Thanks. I'm using the -F
flag to specify a config file.
Peter Van Epp / Operations and Technical Support
Simon Fraser University, Burnaby, B.C. Canada
>
> Hey Peter,
> You're missing the '-I' option field, or indicator field.
> How are you calling ra()? Are you using a .rarc type file?
>
> Carter
>
> Carter Bullard
> QoSient, LLC
> 300 E. 56th Street, Suite 18K
> New York, New York 10022
>
> carter at qosient.com
> Phone +1 212 588-9133
> Fax +1 212 588-9134
> http://qosient.com
>
> -----Original Message-----
> From: owner-argus-info at lists.andrew.cmu.edu
> [mailto:owner-argus-info at lists.andrew.cmu.edu] On Behalf Of Peter Van
> Epp
> Sent: Friday, June 01, 2001 6:56 PM
> To: argus
> Subject: where's proto?
>
>
> I'm poking at 2.01 output and perl but the proto field seems to
> be
> mia. From 1.8.1 output:
>
> Tue 05/29 00:01:28 d tcp 207.34.179.108.4922 -> 142.58.120.21.25
> 10 17 2169 605 FIN
>
>
> apparantly the same transaction from 2.0.1, but note the lack of "d"
> retrans flag, and in fact the field doesn't appear to be present in
> a delimited output ra run:
>
> 29 May 01 00:07:40 tcp 207.34.179.108.4922 -> 142.58.120.21.25
> 10 14 2837 1399 FIN
> 29 May 01 00:08:02 tcp 207.34.179.108.4922 -> 142.58.120.21.25
> 0 2 0 224 FIN
> 29 May 01 00:08:55 tcp 207.34.179.108.4922 -> 142.58.120.21.25
> 0 1 0 112 FIN
>
> 2001-05-29-14:39:59;udp;64.124.83.65;17978;<->;142.58.164.27;6976;ACC
> ^
> I'd expect the proto field to appear here!
>
> Peter Van Epp / Operations and Technical Support
> Simon Fraser University, Burnaby, B.C. Canada
>
>
More information about the argus
mailing list