Question about byte/packet counts
wozz at 0xdeadbeef.org
wozz at 0xdeadbeef.org
Wed Jul 24 18:09:00 EDT 2002
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Greetings,
I'm watching some traffic (HTTP) between two web proxies. For some odd reason, I'm only seeing packet and byte counts for the destination. Example:
$ ra -r argus-20020724-17:34:11 -c - port 8082 |tail -20
24 Jul 02 18:02:49 tcp termitee.45426 -> fireflye.8082 0 5 0 431 FIN
24 Jul 02 18:02:49 tcp termitee.45427 -> bee.8082 0 5 0 430 FIN
24 Jul 02 18:02:49 tcp termitee.45428 -> spidere.8082 0 4 0 376 FIN
24 Jul 02 18:02:49 tcp termitee.45429 -> spidere.8082 0 4 0 391 FIN
24 Jul 02 18:02:49 tcp termitee.45430 -> fireflye.8082 0 4 0 376 FIN
24 Jul 02 18:02:50 tcp termitee.45431 -> fireflye.8082 0 5 0 733 FIN
24 Jul 02 18:02:51 tcp termitee.45432 -> fireflye.8082 0 4 0 663 FIN
(pardon the crappy formatting).
As you can see, the only packet/byte counts are for the flow destination. Now, while the destination packet/byte counts should be higher than the source (these are web proxies after all), it shouldn't be infinately so ;)
Any idea whats going on?
This is Argus 2.0.5 running on Solaris 8.
Thanks!
-----BEGIN PGP SIGNATURE-----
Version: Hush 2.1
Note: This signature can be verified at https://www.hushtools.com
wlsEARECABsFAj0/JdIUHHdvenpAMHhkZWFkYmVlZi5vcmcACgkQ1vK8vFo3sjzk5gCf
ZfiW4FhNqkN22JfOHL6nygI6vx0Anijo0lJpZ1Qb43nv37qmt+i3cPVE
=rZbM
-----END PGP SIGNATURE-----
More information about the argus
mailing list