ra output: 0 packet counts and portless UDP transactions
Chris Cutler
cutler at securepipe.com
Tue Dec 16 11:02:41 EST 2003
Hello,
My apologies if the following questions are hopelessly newbie-ish, in the
wrong forum or frequently asked here (the archive at
http://www.qosient.com/argus/theorygroup.htm is down):
* I'm using ra -c -n to look at some argus data and I've run into several
lines where the source and destination packet counts are 0. How shall
I interpret this (it makes no sense to me)? For example:
19 Nov 03 12:03:33 tcp X.X.X.X.27308 -> X.X.X.X.80 0 2 0 140 FIN
* Also, I've come across some very strange udp transactions in which the
source and destination host addresses lack ports. This is deeply
puzzling. For example:
24 Nov 03 15:25:18 udp X.X.X.X -> X.X.X.X 1 0 54 0 TIM
I'm using argus version 2.0.5. Thanks in advance for your help.
Chris