odd ra output with -Zb
Russell Fulton
r.fulton at auckland.ac.nz
Wed Aug 9 17:22:53 EDT 2006
HI Carter,
using argus-clients-3.0.0.rc.23 and running ra with the -Zb (does
anyone else use this option?) ra appears to display only the source flags.
For these (but not all flows) the output for -Z(b|s|d) appear to be
identical.
Is this a 'clever' optimization where only one set of flags are
displayed if the flags are symmetric.
Apart from this and the memory issue with racluster argus 3.0 is running
well on my busiest sensor.
Cheers, Russell
-Zb
> 08:01:20.684427 r tcp 130.216.49.189.49226 -> 141.211.14.25.993 20 16 1717 4106 FSRPA
> 08:01:23.525084 tcp 130.216.49.189.49227 -> 141.211.14.25.993 20 19 1718 7395 FSRPA
> 08:01:26.637297 r tcp 130.216.49.189.49228 -> 141.211.14.25.993 21 20 1794 7291 FSRPA
> 08:01:29.791700 tcp 130.216.49.189.49229 -> 141.211.14.25.993 17 14 1479 1764 FSRPA
> 08:01:31.554709 tcp 130.216.49.189.49230 -> 141.211.14.25.993 19 17 1665 2223 FSRPA
> 08:01:33.821605 tcp 130.216.49.189.49231 -> 141.211.14.25.993 19 15 1666 2031 FSRPA
> 08:01:36.187044 tcp 130.216.49.189.49232 -> 141.211.14.25.993 19 16 1664 4355 FSRPA
> 08:01:38.463524 r tcp 130.216.49.189.49233 -> 141.211.14.25.993 24 23 1999 14379 FSRPA
> 08:01:41.797460 tcp 130.216.49.189.49234 -> 141.211.14.25.993 19 15 1658 2931 FSRPA
> 08:01:44.193057 r tcp 130.216.49.189.49235 -> 141.211.14.25.993 20 16 1715 3726 FSRPA
> 08:01:46.429550 tcp 130.216.49.189.49236 -> 141.211.14.25.993 19 17 1653 2940 FSRPA
> 08:01:48.473256 tcp 130.216.49.189.49237 -> 141.211.14.25.993 19 17 1657 2917 FSRPA
> 08:01:50.818629 tcp 130.216.49.189.49238 -> 141.211.14.25.993 20 17 1719 6071 FSRPA
> 08:01:53.458966 r tcp 130.216.49.189.49239 -> 141.211.14.25.993 21 19 1788 8462 FSRPA
> 08:01:56.583179 tcp 130.216.49.189.49240 -> 141.211.14.25.993 19 15 1665 2431 FSRPA
> 08:01:58.680469 tcp 130.216.49.189.49241 -> 141.211.14.25.993 19 15 1655 2927 FSRPA
> 08:02:00.766632 tcp 130.216.49.189.49242 -> 141.211.14.25.993 19 17 1657 2634 FSRPA
> 08:02:02.921232 tcp 130.216.49.189.49246 -> 141.211.14.25.993 17 14 1469 1764 FSRPA
> 08:02:04.690269 r tcp 130.216.49.189.49247 -> 141.211.14.25.993 21 19 1788 8211 FSRPA
> 08:02:07.635353 tcp 130.216.49.189.49248 -> 141.211.14.25.993 19 15 1654 2442 FSRPA
> 08:02:09.873538 tcp 130.216.49.189.49249 -> 141.211.14.25.993 19 15 1650 2133 FSRPA
> 08:02:11.948114 tcp 130.216.49.189.49250 -> 141.211.14.25.993 19 17 1649 2213 FSRPA
> 08:02:14.053730 tcp 130.216.49.189.49251 -> 141.211.14.25.993 19 15 1659 2195 FSRPA
> 08:02:16.127153 r tcp 130.216.49.189.49252 -> 141.211.14.25.993 22 22 1864 13439 FSRPA
> 08:02:19.837593 tcp 130.216.49.189.49253 -> 141.211.14.25.993 19 17 1655 2285 FSRPA
> 08:02:22.151326 tcp 130.216.49.189.49254 -> 141.211.14.25.993 19 15 1659 2196 FSRPA
-Zs
> 08:01:20.684427 r tcp 130.216.49.189.49226 -> 141.211.14.25.993 20 16 1717 4106 FSRPA
> 08:01:23.525084 tcp 130.216.49.189.49227 -> 141.211.14.25.993 20 19 1718 7395 FSRPA
> 08:01:26.637297 r tcp 130.216.49.189.49228 -> 141.211.14.25.993 21 20 1794 7291 FSRPA
> 08:01:29.791700 tcp 130.216.49.189.49229 -> 141.211.14.25.993 17 14 1479 1764 FSRPA
> 08:01:31.554709 tcp 130.216.49.189.49230 -> 141.211.14.25.993 19 17 1665 2223 FSRPA
> 08:01:33.821605 tcp 130.216.49.189.49231 -> 141.211.14.25.993 19 15 1666 2031 FSRPA
> 08:01:36.187044 tcp 130.216.49.189.49232 -> 141.211.14.25.993 19 16 1664 4355 FSRPA
> 08:01:38.463524 r tcp 130.216.49.189.49233 -> 141.211.14.25.993 24 23 1999 14379 FSRPA
> 08:01:41.797460 tcp 130.216.49.189.49234 -> 141.211.14.25.993 19 15 1658 2931 FSRPA
> 08:01:44.193057 r tcp 130.216.49.189.49235 -> 141.211.14.25.993 20 16 1715 3726 FSRPA
> 08:01:46.429550 tcp 130.216.49.189.49236 -> 141.211.14.25.993 19 17 1653 2940 FSRPA
> 08:01:48.473256 tcp 130.216.49.189.49237 -> 141.211.14.25.993 19 17 1657 2917 FSRPA
> 08:01:50.818629 tcp 130.216.49.189.49238 -> 141.211.14.25.993 20 17 1719 6071 FSRPA
> 08:01:53.458966 r tcp 130.216.49.189.49239 -> 141.211.14.25.993 21 19 1788 8462 FSRPA
> 08:01:56.583179 tcp 130.216.49.189.49240 -> 141.211.14.25.993 19 15 1665 2431 FSRPA
> 08:01:58.680469 tcp 130.216.49.189.49241 -> 141.211.14.25.993 19 15 1655 2927 FSRPA
> 08:02:00.766632 tcp 130.216.49.189.49242 -> 141.211.14.25.993 19 17 1657 2634 FSRPA
> 08:02:02.921232 tcp 130.216.49.189.49246 -> 141.211.14.25.993 17 14 1469 1764 FSRPA
> 08:02:04.690269 r tcp 130.216.49.189.49247 -> 141.211.14.25.993 21 19 1788 8211 FSRPA
> 08:02:07.635353 tcp 130.216.49.189.49248 -> 141.211.14.25.993 19 15 1654 2442 FSRPA
> 08:02:09.873538 tcp 130.216.49.189.49249 -> 141.211.14.25.993 19 15 1650 2133 FSRPA
-Zd
> 08:01:20.684427 r tcp 130.216.49.189.49226 -> 141.211.14.25.993 20 16 1717 4106 FSRPA
> 08:01:23.525084 tcp 130.216.49.189.49227 -> 141.211.14.25.993 20 19 1718 7395 FSRPA
> 08:01:26.637297 r tcp 130.216.49.189.49228 -> 141.211.14.25.993 21 20 1794 7291 FSRPA
> 08:01:29.791700 tcp 130.216.49.189.49229 -> 141.211.14.25.993 17 14 1479 1764 FSRPA
> 08:01:31.554709 tcp 130.216.49.189.49230 -> 141.211.14.25.993 19 17 1665 2223 FSRPA
> 08:01:33.821605 tcp 130.216.49.189.49231 -> 141.211.14.25.993 19 15 1666 2031 FSRPA
> 08:01:36.187044 tcp 130.216.49.189.49232 -> 141.211.14.25.993 19 16 1664 4355 FSRPA
> 08:01:38.463524 r tcp 130.216.49.189.49233 -> 141.211.14.25.993 24 23 1999 14379 FSRPA
> 08:01:41.797460 tcp 130.216.49.189.49234 -> 141.211.14.25.993 19 15 1658 2931 FSRPA
> 08:01:44.193057 r tcp 130.216.49.189.49235 -> 141.211.14.25.993 20 16 1715 3726 FSRPA
> 08:01:46.429550 tcp 130.216.49.189.49236 -> 141.211.14.25.993 19 17 1653 2940 FSRPA
> 08:01:48.473256 tcp 130.216.49.189.49237 -> 141.211.14.25.993 19 17 1657 2917 FSRPA
> 08:01:50.818629 tcp 130.216.49.189.49238 -> 141.211.14.25.993 20 17 1719 6071 FSRPA
> 08:01:53.458966 r tcp 130.216.49.189.49239 -> 141.211.14.25.993 21 19 1788 8462 FSRPA
> 08:01:56.583179 tcp 130.216.49.189.49240 -> 141.211.14.25.993 19 15 1665 2431 FSRPA
> 08:01:58.680469 tcp 130.216.49.189.49241 -> 141.211.14.25.993 19 15 1655 2927 FSRPA
> 08:02:00.766632 tcp 130.216.49.189.49242 -> 141.211.14.25.993 19 17 1657 2634 FSRPA
> 08:02:02.921232 tcp 130.216.49.189.49246 -> 141.211.14.25.993 17 14 1469 1764 FSRPA
>
More information about the argus
mailing list