Question about byte/packet counts

wozz at 0xdeadbeef.org wozz at 0xdeadbeef.org
Wed Jul 24 19:03:07 EDT 2002 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

No filters on argus, on ra, as shown in my example, I filter in port 8082.  However, the symptoms show without a filter as well, as in this example (note that the problems expands from no packet/byte count for dest, to occasional no packet/byte count for source).  I suspect I'm just missing something, but what:

$ ra -zr argus-20020724-17:34:11 -Ac
24 Jul 02 17:34:18    tcp    x.y.248.19.3492          ->          termitee.8080         5        0         711          0           sEf
24 Jul 02 17:34:19    tcp    x.y.248.19.3499          ->          termitee.8080         5        0         713          0           sEf
24 Jul 02 17:34:19    tcp        termitee.57882         ->          fireflye.8082         0        5         0            66          SEf
24 Jul 02 17:34:19    tcp        termitee.57883         ->               bee.8082         0        5         0            66          SEf
24 Jul 02 17:34:19    tcp    x.y.248.19.3500          ->          termitee.8080         5        0         710          0           sEf
24 Jul 02 17:34:19    tcp        termitee.57884         ->               bee.8082         0        5         0            66          SEf
24 Jul 02 17:34:19    tcp   x.z.240.13.2341          ->          termitee.8080         25       0         805          0           sEf
24 Jul 02 17:34:19    tcp    x.y.248.19.3501          ->          termitee.8080         6        0         629          0           sEf

On 25 Jul 2002 10:23:14 +1200, Russell Fulton <r.fulton at auckland.ac.nz> wrote:
>On Thu, 2002-07-25 at 10:09, wozz at 0xdeadbeef.org wrote:
>>>
>> As you can see, the only packet/byte counts are for the flow destination.  Now, while the destination packet/byte counts should be higher than the source (these are web proxies after all), it shouldn't be infinately so ;)
>>
>> Any idea whats going on?
>>
>
>Hmmm... the byte counts *might* be right if you have used -A
>(applications bytes) but the packet counts are definitly screwy.
>
>What filters and flags were you using on ra and argus.  Is it possible
>that you are filtering out traffic in the other direction?
>
>Cheers, Russell.
>
>
>

-----BEGIN PGP SIGNATURE-----
Version: Hush 2.1
Note: This signature can be verified at https://www.hushtools.com

wlsEARECABsFAj0/MoIUHHdvenpAMHhkZWFkYmVlZi5vcmcACgkQ1vK8vFo3sjwbrgCg
paFfU+mUL2OKAYanQrQ+CDcXFdAAoKVMjgIpPIMw/C7QlYr5ikvrZuGc
=5wxW
-----END PGP SIGNATURE-----

More information about the argus mailing list