Connection Bytes

CS Lee geek00l at gmail.com
Wed Oct 4 01:58:29 EDT 2006


Hi all,

Normally when we perform analysis using argus, we will have entry like this

17:19:46.623049 6 222.64.79.60.3493 -> 1.2.3.4.80 4 3 *536 780* CON
17:19:53.598808 6 222.64.79.60.3493 -> 1.2.3.4.80 2 1 *420 668* CON

The bold numbers are the sbytes and dbytes, which is actually includes the
header and i consider it as frame bytes, is it possible to only show the
payload(application bytes) instead of the whole frame bytes?

By the way, I vote for libpcap base too :)

Cheers





-- 
Best Regards,

CS Lee<geekooL[at]gmail.com>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://pairlist1.pair.net/pipermail/argus/attachments/20061004/0e539c22/attachment.html>


More information about the argus mailing list