[ARGUS] has anyone seen ra output with a '*' for source port?
Nick Giordano
ngiordano at mitre.org
Fri Sep 10 12:56:09 EDT 2004
Here is what my output from ra looks like.
1091846925,17,192.168.26.254,*,->,192.168.26.255,1025,1,0,911,0,TIM
1091846925,17,192.168.26.254,*,->,192.168.26.255,1027,1,0,911,0,TIM
1091846925,17,192.168.26.254,*,->,192.168.26.255,1029,1,0,911,0,TIM
My first question is what does the packet have to look like to make
argus/ra list the source port a '*' ? How is it possible to have an
empty source port in a TCP packet?
Thanks,
Nick
More information about the argus
mailing list