strange behaviour in status field
Rodney McKee
rmckee at aconex.com
Wed Oct 28 16:38:45 EDT 2009
Is this expected?
It appears that I'm getting different status flags if I add the src bytes filter. I'm using the filter to reduce the number of records displayed.
racluster -nr 20.gz -Z b - host 72.229.139.101
2009-10-20 22:38:07.705062 e s tcp 72.229.139.101.51653 -> 128.121.17.3.80 217559 222087604 S R PA_

racluster -nr 20.gz -Z b -s +stime +ltime +sbytes +dbytes - host 72.229.139.101
2009-10-20 22:38:07.705062 e s tcp 72.229.139.101.51653 -> 128.121.17.3.80 217559 222087604 SRPA_ 2009-10-20 22:38:07.705062 2009-10-20 23:36:37.342957 218133107 3954497

racluster -nr 20.gz -Z b -s +stime +ltime +sbytes +dbytes - host 72.229.139.101 and src bytes gt 100000
2009-10-20 22:38:07.705062 e s tcp 72.229.139.101.51653 -> 128.121.17.3.80 217490 222049458 SPA_S 2009-10-20 22:38:07.705062 2009-10-20 23:35:51.340683 218098077 3951381

racluster -nr 20.gz -Z b - host 72.229.139.101 and src bytes gt 100000
2009-10-20 22:38:07.705062 e s tcp 72.229.139.101.51653 -> 128.121.17.3.80 217490 222049458 SPA_S
Rgds
Rodney McKee