Directionality for protocol 50 traffic?
Jesse Bowling
jessebowling at gmail.com
Tue Jul 17 20:52:46 EDT 2012
While looking at protocol 50 traffic, I noticed that although I clustered,
I was seeing two flows, one for each direction. Is this the nature of the
protocol, an error in my command line invocation, or other?
# racluster -R 16 -M correct -m daddr -w - - ip and not tcp and not udp and not icmp | rasort -r - -m bytes -N 20
StartTime        Flgs  Proto  SrcAddr        Sport  Dir  DstAddr      Dport   TotPkts  TotBytes  State
11:47:49.171437  e     50     69.74.243.200         ->   192.168.1.2.0x202*   4925     2993934   INT
00:02:55.927866  e     50     192.168.1.2           ->   69.74.243.200.0x202* 5625     797574    INT
Cheers,
Jesse
--
Jesse Bowling