TCP flags

CS Lee geek00l at gmail.com
Sun Nov 26 19:07:20 EST 2006 

Carter,

I'm comparing the result of -z and -Z b when reading argus flow.

ra -Z b -r test.argus -nn - synack
17:48:45.553602               6       1.2.3.4.1553      ->
2.3.4.5.80
1        1
          60           60  FA_A

ra -z -r test.argus -nn - synack
17:48:45.553602               6       1.2.3.4.1553      ->
2.3.4.5.80
1        1
          60           60  sSEf

Is it shown correctly as there should be SA from dst IP, I'm confused with
these two results or the -Z b seems to show flags when it last seen in the
flow. Thanks.

-- 
Best Regards,

CS Lee<geekooL[at]gmail.com>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://pairlist1.pair.net/pipermail/argus/attachments/20061127/a254e61b/attachment.html>

More information about the argus mailing list