Partial Fragments

[Carter Bullard]

Sorry for the spell checker error, that should be the ‘sipid’ field.
Carter

> On Oct 26, 2014, at 12:21 PM, Carter Bullard <carter at qosient.com> wrote:
> 
> [snip]
> 
> Argus tracks these partial fragments by adding the fragid to its flow tracking key.  If
> you printed the ‘sipped’ field, you would see that they are all different.  When you
> racluster() this data, all of those individual flows will be aggregated together.
> 
> [snip]