argus-3.0.0.rc.3
Mike Iglesias
iglesias at uci.edu
Thu Jun 8 17:10:31 EDT 2006
Peter Van Epp wrote:
> Shouldn't be because they are the two sides of a fdx link through a tap.
> Being our backbone I'd guess some ill behaved device out there doing something
> odd :-). Disk space on a tcpdump is an issue the disk fills quickly with a
> full size capture. I'll see if it repeats (it hasn't so far). Of course it
> currently looks like the machine has crashed so perhaps all isn't as well as
> I think :-).
Wouldn't you just need the packet headers to trace this? I don't think you'd
need the data too. It'd save you disk space if you end up having to run a
tcpdump trace.
--
Mike Iglesias
NACS Security Team Email: security at uci.edu
University of California, Irvine phone: 949-824-6926
Network & Academic Computing Services FAX: 949-824-2069
More information about the argus
mailing list