Vern Paxson vern at icir.org
Fri Jan 3 10:02:49 PST 2003

> While the connection 
> between other hosts(also in my network) can not show all information, such 
> as src_bytes and dst_bytes, instead of number it show "?".

The key for those connections is their status.  In this case, it is S0:

> 1041604588.107852 ? ftp ? ? S0 X
>                  ~~~   ~~~~~

which (as explained in doc/conn-logs) means "no answer".  Because there
was no answer, the connection does not have a meaningful duration, or
volume of bytes sent in either direction.


More information about the Bro mailing list