Record direction and missed SYN
Rafael Barbosa
rrbarbosa at gmail.com
Tue Sep 11 11:46:37 EDT 2012
Hi,
I am running into another problem with the reversed record directions. Now
I have a flow with a single record where the SYN packet is missing (i.e.,
the first captured packet is a SYN-ACK).
After creating the argus dump and reading it with ra, I get the following:
$> argus -r bug.pcap -w bug.argus
$> ra -r bug.argus
09:43:42.524434 e tcp X.X.X.X.10502 -> Y.Y.Y.Y.43539 10 3312 FIN
So argus is using the source of the SYN-ACK packet as 'client' and the
destination as 'server', while the opposite would be correct.
I uploaded the bug.pcap to the server.
Best regards,
Rafael Barbosa
http://www.ewi.utwente.nl/~barbosarr/
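
The direction rule this report expects, as an added example that is not part of the original post and is not Argus code: when the first handshake packet seen is a SYN-ACK, its sender is the server. The function name `orient_flow`, the tuple layout and the sample addresses are assumptions made for illustration.

```python
# Added illustration, not Argus code. All packet data below is constructed.
SYN, ACK, FIN = 0x02, 0x10, 0x01  # TCP flag bits


def orient_flow(packets):
    """Return (client, server, confident) for one TCP flow.

    packets: list of (src, dst, tcp_flags) in capture order, where src and
    dst are (ip, port) tuples. The first packet carrying SYN decides:
      SYN without ACK -> sender is the client
      SYN with ACK    -> sender is the server (the initial SYN was missed)
    Without any SYN the capture started mid-stream, so the first packet's
    direction is kept and confident is False.
    """
    if not packets:
        raise ValueError("flow has no packets")
    for src, dst, flags in packets:
        if flags & SYN:
            if flags & ACK:
                return dst, src, True   # SYN-ACK: swap endpoints
            return src, dst, True       # plain SYN: keep direction
    src, dst, _ = packets[0]
    return src, dst, False


# Constructed flow mirroring the report: capture begins with the SYN-ACK
# sent from port 10502 to port 43539.
A = ("192.0.2.10", 10502)
B = ("198.51.100.20", 43539)
MISSED_SYN_FLOW = [
    (A, B, SYN | ACK),
    (B, A, ACK),
    (A, B, ACK),
    (B, A, FIN | ACK),
]

if __name__ == "__main__":
    client, server, confident = orient_flow(MISSED_SYN_FLOW)
    print("client=%s:%d server=%s:%d confident=%s"
          % (client + server + (confident,)))
```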