TCP flags packet counting

John Gerth gerth at graphics.stanford.edu
Sun Dec 9 00:05:53 EST 2018


All flow systems, and argus is a flow system, produce records which contain summaries of a connection's traffic.
For the TCP flags field, the record contains the logical OR of the flags seen during the reporting interval rather
than counts for each flag.

To get counts for each flag, one could use tcpdump to capture and print the fields you need from each packet which
would be input to a program you write to generate the counts. However, this approach is probably only feasible
if the total number of packets processed is relatively small.

On 12/8/18 12:01 PM, Masoud Sadri wrote:
> Hi,
> In addition to the total packets in each record, I need to know the number of syn, ack, fin, rst, urg, psh, cwr, ece packets separately.
> Could you help me, please?
> 
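The tcpdump approach described in the reply above, as an added example that is not part of the original post and is not argus code: a small counter that reads tcpdump's text output and tallies each TCP flag per connection. It assumes the `Flags [...]` line format and the one-character flag codes documented in the tcpdump man page; the sample lines and addresses are constructed, and counts cover the whole input rather than argus reporting intervals.

```python
import re
import sys
from collections import Counter, defaultdict

# tcpdump's one-character TCP flag codes, as listed in its man page.
FLAG_NAMES = {"S": "syn", ".": "ack", "F": "fin", "R": "rst",
              "U": "urg", "P": "psh", "W": "cwr", "E": "ece"}

# Matches e.g. "... IP 10.0.0.1.51000 > 10.0.0.2.80: Flags [S.], seq ..."
LINE_RE = re.compile(r"\bIP6? (\S+) > (\S+): Flags \[([^\]]*)\]")

# Constructed sample input (not a real capture).
SAMPLE = """\
1544331953.000100 IP 10.0.0.1.51000 > 10.0.0.2.80: Flags [S], seq 100, win 64240, length 0
1544331953.000200 IP 10.0.0.2.80 > 10.0.0.1.51000: Flags [S.], seq 900, ack 101, win 65160, length 0
1544331953.000300 IP 10.0.0.1.51000 > 10.0.0.2.80: Flags [.], ack 901, win 502, length 0
1544331953.000400 IP 10.0.0.1.51000 > 10.0.0.2.80: Flags [P.], seq 101:181, ack 901, win 502, length 80
1544331953.000500 IP 10.0.0.2.80 > 10.0.0.1.51000: Flags [.], ack 181, win 509, length 0
1544331953.000600 IP 10.0.0.1.51000 > 10.0.0.2.80: Flags [F.], seq 181, ack 901, win 502, length 0
1544331953.000700 IP 10.0.0.2.80 > 10.0.0.1.51000: Flags [F.], seq 901, ack 182, win 509, length 0
1544331953.000800 IP 10.0.0.1.51000 > 10.0.0.2.80: Flags [.], ack 902, win 502, length 0
1544331954.000100 IP 10.0.0.3.40000 > 10.0.0.2.80: Flags [S], seq 500, win 64240, length 0
1544331954.000200 IP 10.0.0.2.80 > 10.0.0.3.40000: Flags [R.], seq 0, ack 501, win 0, length 0
"""

def count_flags(lines):
    """Return {(endpoint_a, endpoint_b): Counter} of per-flag packet counts."""
    flows = defaultdict(Counter)
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue  # not a TCP packet line (UDP, ARP, ...)
        src, dst, flags = m.groups()
        flow = tuple(sorted((src, dst)))  # both directions share one key
        flows[flow]["pkts"] += 1
        if flags != "none":  # tcpdump prints "none" when no flag is set
            for ch in flags:
                if ch in FLAG_NAMES:
                    flows[flow][FLAG_NAMES[ch]] += 1
    return flows

if __name__ == "__main__":
    # Read piped tcpdump output if present, otherwise use the sample.
    lines = SAMPLE.splitlines() if sys.stdin.isatty() else sys.stdin
    for flow, c in sorted(count_flags(lines).items()):
        print(" <-> ".join(flow), dict(c))
```

To run it on a saved capture, pipe in the text output, for example `tcpdump -nn -tt -r capture.pcap tcp | python3 flagcount.py` (both file names are hypothetical).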


