argus proto field

Carter Bullard carter at qosient.com
Sat May 23 09:36:22 EDT 2009


Hey CS Lee,
The "flgs" field is intended as a quick reference, with explicit
ordering of status.  It's not intended as a status reporting element.

I think you would like a means to dump the complete semantics
of each DSR.  Right now we have, what is it, 132 fields that you
can print out.  Looks like we need more fields.

We have 22 dsrs in an argus record now, including the newer
geolocation data elements.

What do you think, if we had something like this:
      ra -r argus.file -s dsr:flow,net

and you got the complete contents of the Flow dsr and the
Network dsr, which would have your TCP status, and all its
indications, would that be a way of doing it?  This probably
would only be available when you specify

    "-M xml"

?

Carter

On May 22, 2009, at 9:41 PM, CS Lee wrote:

> hi carter,
>
> In the proto field, there is protocol specific and its designation,
> my question is what if in a particular flow we do see packet
> retransmission, and we also see tcp out of order or maybe unknown ip
> option set, etc. But the flow will only show one of them, is it
> possible to make it show all of them?
>
> Proto
> e *
>
> It would make troubleshooting much easier if we can see all of them.
>
> Thanks.
>
>
> -- 
> Best Regards,
>
> CS Lee<geek00L[at]gmail.com>
>
> http://geek00l.blogspot.com
> http://defcraft.net
