Argus concatenates flows that have the same 5-tuple
New Ever
new44ever at yahoo.com
Tue Jul 8 19:18:14 EDT 2014
Hi,
Assume a PC with a certain IP connects to a server ==> TCP flow record 1
Then the PC is shut down, starts up again after some time, and connects again to the server ==> TCP flow record 2
Due to the source port reuse, ra/racluster aggregate the two records into one record, making errors in all Argus fields, especially Endtime and rate.
How can I force ra to separate the two records?
Thanks