about

Vern Paxson vern at icir.org
Fri Jan 3 10:02:49 PST 2003


> While the connection 
> between other hosts(also in my network) can not show all information, such 
> as src_bytes and dst_bytes, instead of number it show "?".

The key for those connections is their status.  In this case, it is S0:

> 1041604588.107852 ? ftp ? ? 10.1.2.251 10.1.2.28 S0 X
>                  ~~~   ~~~~~
                                                   ^^

which (as explained in doc/conn-logs) means "no answer".  Because there
was no answer, the connection does not have a meaningful duration, or
volume of bytes sent in either direction.

		Vern



More information about the Bro mailing list