Ramon TopN and Svc
Nyuk Loong Kiw
Kiw at safecom.co.nz
Tue Mar 28 06:02:49 EST 2006
Hi all,
Just want to make sure that I am interpreting the result correctly:
when I do a ramon -M TopN .... and get the following result:
StartTime SrcAddr SrcPkt DstPkt SrcBytes
DstBytes
26 Mar 06 23:57:01 25.36.4.11 3059920 1845295 4292530792
122295004
27 Mar 06 06:07:00 25.36.4.11 3348738 2159570 4294768387
158009799
26 Mar 06 23:57:04 25.36.4.42 4165294 3617977 4294967253
541626630
Does SrcBytes mean outbound traffic from 25.36.4.11 and DstBytes mean
Inbound traffic to 25.36.4.11 ??
when I do a ramon -M Svc .... and get the following result:
StartTime Type Dport SrcPkt DstPkt SrcBytes
DstBytes
22 Mar 06 23:57:01 tcp 80 2589838 3881785 293955711
4294129847
23 Mar 06 05:09:01 tcp 80 3510626 4417761 519326091
4294927963
23 Mar 06 08:04:05 tcp 80 3568276 4462605 555184198
4294959613
22 Mar 06 23:57:01 tcp 25 6060113 4566678 4294911799
345404546
Does SrcBytes mean return traffic from Port 80 to the internet and
DstBytes mean traffic destined for Port 80 ??
Thanks
kiw
#####################################################################################
Important: This electronic message and attachments (if any) are confidential
and may be legally privileged. If you are not the intended recipient do not
copy, disclose or use the contents in any way. Please let us know by return
e-mail immediately and then destroy this message.
#####################################################################################
More information about the argus
mailing list