Developing an Argus client
Harry Bock
harry at oshean.org
Fri May 29 15:58:19 EDT 2009
Hey Carter,
Two quick questions:
- What is the difference between records with net subtypes ARGUS_TCP_PERF,
ARGUS_TCP_INIT, and ARGUS_TCP_STATUS? Is it possible to receive all three
for the same flow, in three different RaProcessRecord calls?
- I'm currently testing things using PCAP captures processed by the argus
server program, but none of the TCP flows I've seen have the
ARGUS_NORMAL_CLOSE flag set - should I assume it's a normal close if none of
the ARGUS_RESET etc. flags are set?
Thanks,
Harry