New ra output docs
wozz+argus at wookie.net
wozz+argus at wookie.net
Mon Apr 22 16:55:01 EDT 2002
I've updated to the new 2.0.5 beta's and I'm noticing some new info in the
ra tools output that doesn't appear to be documented.
s tcp x.1179 -> y.ssh 136 104 12120 11262 EST
s tcp x.4645 ?> y.ssh 26 20 1948 2242 FIN
s tcp x.4769 ?> y.ssh 180 155 13204 15084 FIN
* tcp x.1179 -> y.ssh 124 96 10980 10732 EST
s tcp x.1179 -> y.ssh 130 94 11676 9810 EST
* tcp x.1179 -> y.ssh 296 220 24852 92688 EST
* tcp x.1179 -> y.ssh 268 201 23304 55312 EST
* tcp x.1179 -> y.ssh 122 88 10440 9176 EST
tcp x.1179 -> y.ssh 35 41 2352 7242 EST
icmp x <-> z 1 1 74 74 ECO
icmp x <-> z 1 1 74 i 74 ECO
d tcp x.1179 -> y.ssh 79 106 6444 13804 EST
Specifically, what are the flags at the beginning of the line? (s,*,d). I
figure the columns after the dst are the src and dst packet and byte counts,
but I can't figure out what that first field is.
More information about the argus
mailing list