ICMP Flow
Carter Bullard
carter at qosient.com
Mon Oct 27 10:59:19 EDT 2008
Hey CS Lee,
Sorry for the delayed response. Yes, I can add these. The status
field for ICMP flows has the type and code fields combined, into
a weird composite indicator, so we already have abbreviation
strings for all the types, and some of the codes. These are documented
in the ra.1 manpage.
Should I print out these abbreviations, or do you have another list
of names to print?
Hope all is most excellent,
Carter
On Oct 25, 2008, at 8:34 PM, CS Lee wrote:
> hi carter,
>
> Is that possible to print icmp type and code in particular, for
> example if can do -s icmptype icmpcode, i found it maybe useful for
> many situation and i know it's in the dsr already.
>
> Another thing is it seems the primitive filter for icmp - echo, it
> returns the record with URP as well, in the man page there's unreach
> primitive filter but it doesn't seem to work.
>
>
> Thanks.
>
> --
> Best Regards,
>
> CS Lee<geek00L[at]gmail.com>
>
> http://geek00l.blogspot.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://pairlist1.pair.net/pipermail/argus/attachments/20081027/c45b9b83/attachment.html>
More information about the argus
mailing list