src_bytes and dst_bytes files

Kjell Tore Fossbakk kjelltore at gmail.com
Wed Jun 20 05:09:02 EDT 2007


Hello!

I have a question.

When Argus is uncertain about the direction of the flow (?>), what is the
relationship between src_ip,src_port and src_count,src_bytes? To the best
of my knowledge and logic, all the 'src' fields belong to each other and
all the 'dst' fields belong to each other, is that true? Or could it be
that the src_count,src_bytes actually belong to dst_ip,dst_port when argus
is uncertain about the direction (?>)?

I have some traffic which gives ?> dir, and the dst_bytes and dst_count are 0
while src_count and src_bytes are just a few. Why is argus uncertain about
the direction when traffic has only been sent one way?

Sincerely,
Kjell Tore Fossbakk