Field "state" from Argus (ra)
Mauricio Reis
reismc at gmail.com
Thu May 10 11:38:41 EDT 2018
> I'm working on the binetflow extension files available on the CTU-13 site (
> link
> <https://mcfp.weebly.com/the-ctu-13-dataset-a-labeled-dataset-with-botnet-normal-and-background-traffic.html>),
> which was generated by Argus with the "ra" option according to what I was
> able to verify (see link <http://dx.doi.org/10.1016/j.cose.2014.05.011>).
>
> I'd like to understand the values of the "state" field. The documentation
> I accessed (link <http://qosient.com/argus/man/man1/ra.1.pdf>) describes
> only some of the values I found (for example: ECO, ECR, IRQ, IRR, MAS, MHR,
> MRQ, MSR, NNA, NNS, NRA, NRS, PAR, PTB, RED, RTA, RTS, SRC, TSR, TST, TXD,
> URCUT, URF, URFIL, URH, URHPRO, URHTOS, URHU, URISO, URN, URNPRO, URNTOS,
> URNU, URP, URPRE, URS). But I could not understand the meaning of values
> like: FRPA, FSRAEC, RPA, SRA, etc - and combinations like: A_FRA,
> FSRPAEC_FSRPA, RPA_SA, SPAC_FSRPA.
>
> Would you help me?
>
> Att.,
> Mauricio Reis
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://pairlist1.pair.net/pipermail/argus/attachments/20180510/701572aa/attachment.html>
More information about the argus
mailing list