ra: window difference ?
julien
julien.t43 at gmail.com
Thu Nov 26 15:35:27 EST 2009
Hello everyone,
does someone know the difference between Wireshark "Window Space"
(tcp.window_space) and Argus "Window Advertisement" (swin/dwin) ?
I'm currently investigating a pcap representing a kind of DoS Synflood
attack. The former returns about 25k packets with size 0 and
230k with size <n>, the latter returns 130k & 25k (swin only) ???
http://www.faqs.org/rfcs/rfc793.html speaks only about "Window".
I suppose it's probably linked with a difference of treatment as packet
or flow but not really sure.
(tcpdump has about 300k lines and ra returns 250k)
If someone has an explanation, I would be very happy to get it.
Thanks.
Best regards
Julien