argus records

mukesh agrawal m.argus-info at agrawals.org
Fri Apr 5 22:52:19 EST 2002


Hi,

I'm trying to understand some Argus dump files that I have. I've looked at
the web site and through the mailing list archives, but couldn't find the
answer to my question.

I'm looking at flows that were captured with argus, and converted to XML
with raxml. The specific question I have is "what does the
ArgusFlowRecord.Metrics.SrcAppBytes field mean?"

The reason I ask is that I have some flows in my capture for which the
SrcAppBytes value is greater than the
ArgusFlowRecord.ExtFlow.TcpExtMetrics.SrcTcpBytes value (and similarly for
DstAppBytes and DstTcpBytes). It isn't clear to me what to make of such
records.

A second question is what the meaning of the
Metrics.ArgusAgrData.Count.{Packet,Transaction} fields is.

Or a more general question: is there documentation on what the fields in
the Argus records mean?

Thanks.


