argus direction field
CS Lee
geek00l at gmail.com
Mon Mar 16 09:05:30 EDT 2009
hi carter,
Regarding the direction field in argus flow record, I read the man page
about this -
- - transaction was NORMAL
| - transaction was RESET
o - transaction TIMED OUT.
? - direction of transaction is unknown.
Okay, sometimes we see the record like this:
saddr <- daddr
saddr -> daddr
saddr <-> daddr
As argus reports the current state of the flow, does it mean
saddr <- daddr = destination address is sending data to source address
saddr -> daddr = source address is sending data to destination address
saddr <-> daddr = both endpoints have data exchanges for the moment
And for this -
saddr ?> daddr
saddr <? daddr
saddr <?> daddr
Does this mean
saddr ?> daddr - guess the source address may be the traffic originator
saddr <? daddr - guess the destination address may be the traffic originator
saddr <?> daddr - not too sure whether either address is the traffic originator
I know you have explained a little bit about it but I just need to make sure
I interpret this correctly, though I can actually know the current state of the
connection by looking at the state field.
Thanks.
--
Best Regards,
CS Lee<geek00L[at]gmail.com>
http://geek00l.blogspot.com
http://defcraft.net
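As an added illustration (not part of the original post or of argus itself), here is a small parser for the direction field as the post describes it: the middle character carries the transaction state quoted from the man page, and the arrow heads are read the way the post asks about, which is an assumption here. The record lines are constructed, not real ra output.

```python
import re
from collections import Counter

# Meaning of the middle character, as quoted in the post from the argus man page.
STATE = {"-": "normal", "|": "reset", "o": "timed_out", "?": "unknown"}

# Which side is sending data, following the reading the post asks about
# (an assumption here, not something the page confirms).
FLOW = {("", ">"): "src_to_dst", ("<", ""): "dst_to_src", ("<", ">"): "both"}

DIR_RE = re.compile(r"^(<?)([-|o?])(>?)$")

# Constructed ra-style lines (not real sensor output): proto saddr dir daddr
SAMPLE_RECORDS = [
    "tcp 10.0.0.5   ->  10.0.0.9",
    "tcp 10.0.0.5  <-   10.0.0.9",
    "tcp 10.0.0.5  <->  10.0.0.9",
    "tcp 10.0.0.5   ?>  10.0.0.9",
    "tcp 10.0.0.5  <?   10.0.0.9",
    "tcp 10.0.0.5  <?>  10.0.0.9",
    "tcp 10.0.0.5   |>  10.0.0.9",
    "udp 10.0.0.5  <o>  10.0.0.9",
]

def parse_direction(field):
    """Return (data_flow, transaction_state) for one direction field."""
    m = DIR_RE.match(field.strip())
    if m is None:
        raise ValueError("not a direction field: %r" % field)
    left, mid, right = m.groups()
    if (left, right) not in FLOW:  # a bare middle char has no arrow head
        raise ValueError("no arrow head in direction field: %r" % field)
    return FLOW[(left, right)], STATE[mid]

def parse_record(line):
    """Split a 'proto saddr dir daddr' line into a dict."""
    proto, saddr, direction, daddr = line.split()
    flow, state = parse_direction(direction)
    return {"proto": proto, "saddr": saddr, "daddr": daddr,
            "flow": flow, "state": state}

def summarize(lines):
    """Count flow/state values and list records whose originator is unknown."""
    recs = [parse_record(ln) for ln in lines]
    return (Counter(r["flow"] for r in recs),
            Counter(r["state"] for r in recs),
            [r for r in recs if r["state"] == "unknown"])

if __name__ == "__main__":
    flows, states, unsure = summarize(SAMPLE_RECORDS)
    print(flows, states, len(unsure))
```

The third value returned by summarize() is the list of records whose direction is marked unknown, which is the set a reviewer would check by hand against the state field.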