understanding the stat field
Carter Bullard
carter at qosient.com
Wed Oct 28 19:12:40 EDT 2009
Hey Rodney,
With the -Z option, you are printing out the TCP flags bits that were
seen. The format is SRCFLAGS_DSTFLAGS and so in your example,
the source sent the R(ESET). The destination sent the F(IN). No idea
who sent what first, and the FIN could be from a FIN_ACK indication.
If you use the -z option, you print out the argus TCP state indications,
and you may get a better indication of who reset the flow.
Carter
On Oct 28, 2009, at 5:59 PM, Rodney McKee wrote:
> When I see a state field like this, does it indicate the source of
> the reset?
>
> SRPA_FSPA
>
> Rgds
> Rodney McKee
Carter Bullard
CEO/President
QoSient, LLC
150 E 57th Street Suite 12D
New York, New York 10022
+1 212 588-9133 Phone
+1 212 588-9134 Fax
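
The SRCFLAGS_DSTFLAGS reading described in the reply above, as an added example that is not part of the original message or of the argus code. R and F are the letters named in the message; treating S, P and A as the usual TCP flag initials (SYN, PUSH, ACK) is an assumption, and the flow labels and sample values other than SRPA_FSPA are constructed.

```python
# Added example: decode a "-Z" style flag string of the form SRCFLAGS_DSTFLAGS.
# R(ESET) and F(IN) come from the message; S, P, A are ASSUMED to be the
# standard TCP flag initials (SYN, PUSH, ACK).
FLAG_NAMES = {"S": "SYN", "R": "RST", "P": "PSH", "A": "ACK", "F": "FIN"}


def decode_flags(field):
    """Split SRCFLAGS_DSTFLAGS into the set of flags seen from each side."""
    if field.count("_") != 1:
        raise ValueError("expected SRCFLAGS_DSTFLAGS, got %r" % field)
    src, dst = field.split("_")

    def names(letters):
        unknown = set(letters) - set(FLAG_NAMES)
        if unknown:
            raise ValueError("unknown flag letters: %s" % sorted(unknown))
        return {FLAG_NAMES[c] for c in letters}

    return {"src": names(src), "dst": names(dst)}


def reset_senders(field):
    """Return the sides ('src', 'dst') from which a RST was seen.

    The flag string is a set of bits seen over the flow, so it says who
    sent a RST, not whether it came before or after the other side's FIN.
    """
    decoded = decode_flags(field)
    return [side for side in ("src", "dst") if "RST" in decoded[side]]


# Constructed sample records: (hypothetical flow label, flag field).
SAMPLE = [
    ("flow-1", "SRPA_FSPA"),  # the value from the question
    ("flow-2", "SPA_SRPA"),   # constructed: reset seen from the destination
    ("flow-3", "FSPA_FSPA"),  # constructed: orderly close, no reset
]

if __name__ == "__main__":
    for label, field in SAMPLE:
        d = decode_flags(field)
        who = reset_senders(field) or ["nobody"]
        print("%s %-10s src=%s dst=%s RST from: %s" % (
            label, field, sorted(d["src"]), sorted(d["dst"]), ", ".join(who)))
```
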