"man" protocol?
Tim Lavoie
tim at fractaldragon.net
Mon Jan 2 18:27:48 EST 2006
Hi all,
I've just started looking at Argus in earnest, so I'm new, but
generally familiar with other networking tools.
Most of the traffic that I've looked at so far seems pretty normal, at
least in that I understand what it is, and the reporting of it from
tools like "ra". Some of it appears to highlight some gaps in what I know.
The ones which are strangest are those like the following. I'm fine
with tcp, udp, arp etc., but haven't found what the "man" protocol
means. Naturally, googling gives me countless links to man pages. In
any case, the format of these is slightly different from the rest, and
all apparently from a single IP (6000+ records, from December 12 to
present).
12-12-05 15:26:52.669222 man 229.97.122.203 v2.0 1 0 0 0 0 0 STA
12-12-05 15:26:52.670329 man 229.97.122.203 v2.0 16 7 233 0 49530 4 CON
12-12-05 15:31:52.183189 man 229.97.122.203 v2.0 36 6 65 0 4419 5 CON
12-12-05 15:36:52.035605 man 229.97.122.203 v2.0 53 5 60 0 3772 1 CON
Any ideas?
Thanks,
Tim
More information about the argus
mailing list