fix against rc.27 clients
Phillip G Deneault
deneault at WPI.EDU
Sat Aug 26 11:25:05 EDT 2006
Peter Van Epp wrote:
> I figured there was a reason for overloading the columns, and sorting
> was my guess :-) but that said (and admitting I have no idea why I would ever
> want them) it seems a shame to have the data but not be able to get to it
> somehow. Perhaps yet another field which will print out all the flags
> associated with a flow (probably easiest implemented as writing the flag once
> in the overloaded sort friendly buffer as now and again in a longer buffer
> where any flag that can coexist in a flow has its own position (either
> overlayed or if thats easier one quite long buffer) if an all flags option
> has been set? Does anyone else think this is useful? At worst the data is in
> the records you could write a client that would pull it out but then a note
> somewhere telling people that its there if you need it is probably in order.
I would prefer that any flag that can coexist with another have its own
column. Those fields are chock-full of useful context that can be used
and if data stays hidden due to a particular sorting mechanism or flag
priority, then you've effectively crippled the usefulness of the flags
altogether.
Not to mention the ability for a hacker to potentially hide what they
are REALLY up to by sending other data which flags the flows differently.
And most importantly... I'd rather not write my own client when the ra*
tools all work so well. :-)
Phil
More information about the argus
mailing list