Breaking down selected traffic

Thu May 8 02:19:14 EDT 2003

Hi Carter,

Thanks for this tip - most useful.

Did get one minor curiosity when I ran it tho, duplicate entries for 
various services like so:

(Have chopped the date column in the interest's of readability)

tcp http             7099751  7045491   676059782    4294896677
tcp http             459270   445984    46457198     255631299
<snip>
icmp                  1217     0         65362        0
<snip>
icmp                  22       0         1540         0
...

Any idea as to why?
I'm using argus-clients-2.0.6.beta.40
The command line to generate the above is:

ra -r argus.out -w - - ether host gw-x:x:x:x:x:x:x and not "( src or dst 
net dmz-a.b.c or dst net local-d.e.f )" |  ramon -M svc

-> traffic leaving our gateway, not destined/from the DMZ or local net

Thanks

- Steve