Argus flow direction
tbh
tbh1000 at gmail.com
Tue May 9 13:29:21 EDT 2017
Greetings to the list...
I'm trying to understand why I'm seeing a second flow with an ambiguous
direction for this traffic. Given the saddr, sport, daddr, dport, proto are
all the same and the start/last times fit within the first line, I would
have thought it would have been considered part of that connection.
racluster -m saddr sport daddr dport -r argus-eth0.20170307*.gz -s stime ltime proto saddr sport dir daddr dport pkts bytes dur - ipv4 and proto 6 and net 1.2.3.0/24

               StartTime                  LastTime  Proto          SrcAddr  Sport  Dir          DstAddr  Dport  TotPkts  TotBytes         Dur
17-03-07 16:04:56.830048  17-03-07 16:31:07.160901      6    2.3.4.5.64453          ->    1.2.3.32.7610              10      1799  1570.3308*
17-03-07 16:26:39.835133  17-03-07 16:26:39.835244      6    1.2.3.32.7610         <?>    2.3.4.5.64453               2       120    0.000111
Any insight would be appreciated!
Thanks!
tbh
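The following is an added example, not part of the original post and not argus project code. It transcribes the two racluster records above as constructed sample input and aggregates them two ways: first keyed positionally on the fields named in the post's -m list (saddr matched against saddr, daddr against daddr), and then on a key that sorts the two endpoints so that A->B and B->A land in the same bin. It also checks the poster's observation that the second record's time range sits inside the first. Treating the -m key as positional is an assumption made here for the model; the helper names (parse_records, aggregate, and so on) are hypothetical.

```python
from datetime import datetime

# Constructed sample input: the two records from the racluster output above,
# one per line, in the order stime ltime proto saddr.sport dir daddr.dport
# pkts bytes dur. The trailing '*' on the first duration is kept as printed.
RECORDS = """\
17-03-07 16:04:56.830048 17-03-07 16:31:07.160901 6 2.3.4.5.64453 -> 1.2.3.32.7610 10 1799 1570.3308*
17-03-07 16:26:39.835133 17-03-07 16:26:39.835244 6 1.2.3.32.7610 <?> 2.3.4.5.64453 2 120 0.000111
"""

TIME_FMT = "%y-%m-%d %H:%M:%S.%f"


def split_addr_port(token):
    """Split ra's 'a.b.c.d.port' notation into (address, port)."""
    host, port = token.rsplit(".", 1)
    return host, int(port)


def parse_records(text):
    """Parse whitespace-separated flow records into dicts (hypothetical helper)."""
    flows = []
    for line in text.splitlines():
        f = line.split()
        if len(f) != 11:
            continue  # skip header or blank lines
        saddr, sport = split_addr_port(f[5])
        daddr, dport = split_addr_port(f[7])
        flows.append({
            "stime": datetime.strptime(f[0] + " " + f[1], TIME_FMT),
            "ltime": datetime.strptime(f[2] + " " + f[3], TIME_FMT),
            "proto": int(f[4]),
            "saddr": saddr, "sport": sport,
            "dir": f[6],
            "daddr": daddr, "dport": dport,
            "pkts": int(f[8]), "bytes": int(f[9]),
            "dur": float(f[10].rstrip("*")),
        })
    return flows


def directional_key(fl):
    """Assumed model of '-m saddr sport daddr dport': fields matched positionally."""
    return (fl["proto"], fl["saddr"], fl["sport"], fl["daddr"], fl["dport"])


def canonical_key(fl):
    """Endpoint-order-independent key: A->B and B->A share one bin."""
    ends = sorted([(fl["saddr"], fl["sport"]), (fl["daddr"], fl["dport"])])
    return (fl["proto"],) + ends[0] + ends[1]


def aggregate(flows, keyfn):
    """Merge records sharing a key: widen the time range, sum counters."""
    bins = {}
    for fl in flows:
        b = bins.setdefault(keyfn(fl), {
            "stime": fl["stime"], "ltime": fl["ltime"],
            "pkts": 0, "bytes": 0, "records": 0,
        })
        b["stime"] = min(b["stime"], fl["stime"])
        b["ltime"] = max(b["ltime"], fl["ltime"])
        b["pkts"] += fl["pkts"]
        b["bytes"] += fl["bytes"]
        b["records"] += 1
    return bins


def contained_in(inner, outer):
    """True when inner's [stime, ltime] lies within outer's."""
    return outer["stime"] <= inner["stime"] and inner["ltime"] <= outer["ltime"]


if __name__ == "__main__":
    flows = parse_records(RECORDS)
    print("second record inside first:", contained_in(flows[1], flows[0]))
    for name, keyfn in (("positional key", directional_key),
                        ("endpoint-sorted key", canonical_key)):
        bins = aggregate(flows, keyfn)
        print(f"{name}: {len(bins)} bin(s)")
        for k, b in bins.items():
            print("  ", k, b["records"], "record(s)", b["pkts"], "pkts", b["bytes"], "bytes")
```

With the records as printed, the positional key yields two bins because the second record lists 1.2.3.32.7610 as the source and 2.3.4.5.64453 as the destination, the reverse of the first; the endpoint-sorted key yields one bin of 12 packets and 1919 bytes. Whether racluster itself keys positionally on -m saddr sport daddr dport is the assumption this model rests on, so check it against the argus documentation before relying on it.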