ICMP 'data' size?

Carter Bullard carter at qosient.com
Thu May 24 09:46:26 EDT 2001


Hey Peter and Neil,
   Peter is indeed correct.  In 1.x, because of its fixed
length output record model, we crammed as much as we could
in the 64 bytes that were there, so we overloaded a lot of
fields.  I believe that 2.0 ra() presents all the information
from 1.x records that is there to extract and present, so
"if it ain't there, it ain't there", so to speak.

Carter

Carter Bullard
QoSient, LLC
300 E. 56th Street, Suite 18K
New York, New York  10022

carter at qosient.com
Phone +1 212 588-9133
Fax   +1 212 588-9134
http://qosient.com


-----Original Message-----
From: owner-argus-info at lists.andrew.cmu.edu
[mailto:owner-argus-info at lists.andrew.cmu.edu] On Behalf Of Peter Van
Epp
Sent: Monday, May 21, 2001 11:32 AM
To: argus
Subject: Re: ICMP 'data' size?


	Unfortunately 1.8.1 used the count fields for the ICMP flags and
thus doesn't have sizes like V2.0 does, so no, there aren't any hidden
records.

Peter Van Epp / Operations and Technical Support 
Simon Fraser University, Burnaby, B.C. Canada


> 
> Hi
> 
> I can see that v2 has support for the data size in icmp records but 
> this is not output in v1(.8) using ra -ncr - is there any data hidden 
> away in the older argus record and an easy option to extract it?
> 
> I am looking for specific sized icmp packets in old data..... 8-(
> 
> Cheers
> Neil
> 
> 


