How to filter out records with unknown direction
Carter Bullard
carter at qosient.com
Thu Jan 10 16:27:33 EST 2008
ra - tcp and \( syn or synack \)
Carter
Carter Bullard
QoSient LLC
150 E. 57th Street Suite 12D
New York, New York 10022
+1 212 588-9133 Phone
+1 212 588-9134 Fax
-----Original Message-----
From: Kevin & Leah Branch <klkbranch at hotmail.com>
Date: Thu, 10 Jan 2008 20:10:32
To:<argus-info at lists.andrew.cmu.edu>
Subject: [ARGUS] How to filter out records with unknown direction
Can anyone clue me into what to add to my ra filters to exclude records with unknown direction ( <?> ). I find when these records pop up, they tend to make servers look as if they are making outbound connections when they aren't. In certain types of traffic analysis, it gets really distracting.
Thanks,
Kevin
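Added example, not part of the original thread and not Argus code: a Python post-filter over ra text output that drops records whose direction marker contains "?" and shows how those records inflate a server's apparent outbound-connection count, as described in the question. The sample records, the set of direction markers, and the whitespace-separated "addr.port" column layout are constructed assumptions for illustration.

```python
from collections import Counter

# Direction markers between source and destination (assumed set for this
# example); any marker containing '?' means the initiator was not determined.
KNOWN_DIRS = {"->", "<-", "<->"}
UNKNOWN_DIRS = {"<?>", "?>", "<?"}
ALL_DIRS = KNOWN_DIRS | UNKNOWN_DIRS

# Constructed sample records: time, flags, proto, src.port, dir, dst.port, pkts, state
SAMPLE = """\
16:01:02 e tcp 192.0.2.10.51544 -> 198.51.100.5.80 12 FIN
16:01:03 e tcp 198.51.100.5.80 <?> 192.0.2.77.40112 4 CON
16:01:04 e tcp 198.51.100.5.443 <?> 192.0.2.31.39001 6 CON
16:01:05 e tcp 192.0.2.31.39002 -> 198.51.100.5.443 9 FIN
16:01:06 e tcp 198.51.100.5.33100 -> 203.0.113.9.25 7 FIN
"""

def parse(line):
    """Return (src_host, direction, dst_host), or None if no direction token."""
    tok = line.split()
    for i, t in enumerate(tok):
        # Locate the direction token by value, not by column position.
        if t in ALL_DIRS and 0 < i < len(tok) - 1:
            src = tok[i - 1].rsplit(".", 1)[0]   # strip trailing ".port"
            dst = tok[i + 1].rsplit(".", 1)[0]
            return src, t, dst
    return None

def drop_unknown(lines):
    """Keep only records whose direction was determined."""
    return [l for l in lines if (r := parse(l)) and r[1] in KNOWN_DIRS]

def outbound_counts(lines):
    """Count records per apparent initiator (source side, or destination for '<-')."""
    counts = Counter()
    for l in lines:
        r = parse(l)
        if r:
            src, d, dst = r
            counts[dst if d == "<-" else src] += 1
    return counts

if __name__ == "__main__":
    recs = SAMPLE.splitlines()
    print("with <?> records:   ", dict(outbound_counts(recs)))
    print("without <?> records:", dict(outbound_counts(drop_unknown(recs))))
```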