TCP port 0 or *?

John T. Myers myersj0 at gmail.com
Sun Aug 17 21:20:21 EDT 2014


I am trying to use Argus to log non-aggregated/processed flows into MySQL, but rasqlinsert sets the port numbers to 0 (or * when just using ra) whenever the “f” partial fragmentation flag is set. Is there a way to just ignore that through a filter ... because it fills up more database rows than any other flows that are being collected.

This happens with a simple: ra -S someipaddress:port ip 

Thanks!
