INT vs REQ
Carter Bullard
carter at qosient.com
Tue Oct 22 10:54:01 EDT 2013
Hey /Elof,
So what about the testing out the duplicate packet thing ???
Not interested ????
All of that status stuff for non TCP flows should have been
fixed, in the newer argus clients.
Carter
On Oct 22, 2013, at 9:15 AM, elof2 at sentor.se wrote:
>
> Hi Carter!
>
> I just noticed this:
>
> My udp flows, when using ra -Zb, are usually CON, then there are lots of REQ and lastly there are some INT.
>
>
> The ra manual says:
> REQ|INT (requested|initial)
> This indicates that this is the initial state report for a transac-
> tion and is seen only when the argus-server is in DETAIL mode. For
> TCP connections this is REQ, indicating that a connection is being
> requested. For the connectionless protocols, such as UDP, this is
> INT.
>
>
> Why are some udp packets REQ while others are INT?
> Shouldn't all unconnected UDP packets be INT?
>
>
> (note, an old version of ra was used here: 3.0.6.2)
>
> /Elof
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 6837 bytes
Desc: not available
URL: <https://pairlist1.pair.net/pipermail/argus/attachments/20131022/1e3976b9/attachment.bin>
More information about the argus
mailing list