ra man page.

Carter Bullard carter at qosient.com
Thu May 24 22:53:20 EDT 2001 

Hey Chris,
   Hope you don't mind me sending this to the list.  Its better
that many people see the question, and the answer at the same
time.

   'I' indicator.  Yes, you are correct, the 'I' indicator is
not documented in the man page, but that is an oversight on my
part.

   The 'I' indicator is saying that an ICMP packet was received
that mapped to this particular flow.  This could be an Unreachable,
or a Redirect.  The IETF IPPM Working Group has defined as
class of connected flows which are Type-P1-P2 flows, where
a packet of one type goes out, say a SYN, and a packet of a 
completely different type, like an ICMP Port Unreachable shows up
as the response.  Argus tracks these types of flows, and reports
the type of ICMP that was returned, but it doesn't count the ICMP
packet.  The actual ICMP packet is accounted for in its own flow,
so that you can find the gory details, like what router sent the
ICMP, etc....

Hope this helps!  I'll have the update in the next client release
that we have.

Carter

Carter Bullard
QoSient, LLC
300 E. 56th Street, Suite 18K
New York, New York  10022

carter at qosient.com
Phone +1 212 588-9133
Fax   +1 212 588-9134
http://qosient.com 

-----Original Message-----
From: Chris Newton [mailto:newton at unb.ca] 
Sent: Thursday, May 24, 2001 10:42 PM
To: Carter Bullard
Subject: ra man page.


Hi Carter,  I was checking out the ra man page, and think there might be
some 
missing information from this section:

The proto indicator consists of two fields. The first is protocol
specific and 
the designations are:
             m       -  MPLS encapsulated flow
             q       -  802.1Q encapsulated flow
             p       -  PPP over Enternet encapsulated flow
             E       -  Multiple encapsulations/tags
              s      -  Src TCP packet retransmissions
              d      -  Dst TCP packet retransmissions
              *      -  Both Src and Dst TCP retransmissions
               S     -  Src TCP Window Closure
               D     -  Dst TCP Window Closure
               @     -  Both Src and Dst Window Closure
                S    -  IP option Strict Source Route
                L    -  IP option Loose Source Route
                T    -  IP option Time Stamp
                +    -  IP option Security
                R    -  IP option Record Route
                N    -  IP option SATNET
                O    -  multiple IP options set
                 F   -  Fragments seen
                 f   -  Partial Fragment
                 V   -  Fragment overlap seen
                  M  -  Multiple physical layer paths

To be specific, I have seen traffic tagged with 'I', which isnt listed
in the 
grouping above.  Any ideas?

Chris

_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/

Chris Newton, Systems Analyst
Computing Services, University of New Brunswick
newton at unb.ca 506-447-3212(voice) 506-453-3590(fax)

More information about the argus mailing list