Missing port number (same 2.0.3 buglet?)
Scott A. McIntyre
scott at xs4all.nl
Tue Oct 30 11:09:43 EST 2001
Hi all,
This may be related to the semi-bug that was found by Chris/Carter (and to
be fixed in 2.0.4) but just in case it's not, I'm wondering under what
conditions argus() would completely miss a port number in a tcp session.
Example:
30 Oct 01 16:34:25 tcp 212.bbb.xxx.219.51116 -> 194.aaa.yyy.80 EST
30 Oct 01 16:34:56 tcp 212.bbb.xxx.219.51116 -> 194.aaa.yyy.80 EST
30 Oct 01 16:36:13 tcp 212.bbb.xxx.219.51116 -> 194.aaa.yyy.80 EST
30 Oct 01 16:36:44 tcp 212.bbb.xxx.219.51116 -> 194.aaa.yyy.80 EST
30 Oct 01 16:37:14 tcp 212.bbb.xxx.219.51116 -> 194.aaa.yyy.80 EST
As you can see, it's got the source port just fine, 51116, however, there's
no destination port. Indeed, raxml also can't find it, and even listening
to argus() live with ra() doesn't catch it:
30 Oct 01 16:57:33 tcp 194.aaa.yyy.80 ?> 212.bbb.xxx.219.51116 EST
Nothing being done for filtering other than specifying the two hosts in
question.
Thanks for any ideas!
Scott