ICMP records of an unusual size

Sat Mar 29 13:12:39 EDT 2014

I noticed a few odd records in our argus data the other day, and I'm a bit
stumped as to how they might have gotten there...I see these:

                     StartTime                 LastTime  Proto  Sport
Dir  Dport              TotPkts             TotBytes
      03/25/14 11:09:49.473637 03/25/14 11:09:49.501733      1 0x0303   <-
0x60ea     2182690890685501     2495973268128260
      03/25/14 11:11:26.413780 03/25/14 11:11:26.445918      1 0x0303   <-
0x68ea     1910394259086494     1915658761929220
      03/25/14 11:11:26.427968 03/25/14 11:11:26.434707      1 0x0303   <-
0x6aea     2019091291413663      612496964846084
      03/25/14 11:12:46.878386 03/25/14 11:12:46.890172      1 0x0303   <-
0x76ea     3837314156567791      167070201545220

These records all had the same source and destination address. Does anyone
have a theory? My guess is either corruption of the data (seems unlikely in
this case) or perhaps something had issue parsing these particular records
(racluster, rasplit)?

Any suggestions from the list on how I might figure out more about these
records or how they might have been generated?

Cheers,

Jesse
-- 
Jesse Bowling
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://pairlist1.pair.net/pipermail/argus/attachments/20140329/e30c208b/attachment.html>