ra: window difference ?

Wed Dec 9 17:02:55 EST 2009

Carter Bullard wrote on 09/12/09 19:40:
> What filter(s) are you using to generate your numbers?


here for wireshark

>> Why Wireshark would return 9% of packets with size 0 and the others with 0 (filter with tcp.windows_space == 0 or n)
>> and Argus returns 84% of flows with size 0 and the others with size 0 ? (with ra)

and for argus, I make a chart with data from the following command:
ra -n -s swin -r $src_log

thanks