vern at icir.org
Fri Jan 3 10:02:49 PST 2003
> While the connection
> between other hosts (also in my network) can not show all information, such
> as src_bytes and dst_bytes, instead of a number it shows "?".
The key for those connections is their status. In this case, it is S0:
> 1041604588.107852 ? ftp ? ? 10.1.2.251 10.1.2.28 S0 X
> ~~~ ~~~~~
which (as explained in doc/conn-logs) means "no answer". Because there
was no answer, the connection does not have a meaningful duration, or
volume of bytes sent in either direction.
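
A parser for conn-log lines laid out like the quoted record, added here as an illustration (not code from the post or from Bro); it keeps "?" as unknown rather than zero so that S0 records do not distort byte totals. The field order is inferred from that one line, names other than src_bytes and dst_bytes are assumed labels, and the second sample record is constructed.

```python
from typing import NamedTuple, Optional

# Field order inferred from the sample line in the post (assumption);
# only src_bytes and dst_bytes are names the post itself uses.
class Conn(NamedTuple):
    start: float
    duration: Optional[float]
    service: str
    src_bytes: Optional[int]
    dst_bytes: Optional[int]
    src_addr: str
    dst_addr: str
    state: str
    flags: str

def _num(tok, cast):
    """Map the "?" placeholder to None, so 'unknown' is never read as 0."""
    return None if tok == "?" else cast(tok)

def parse_conn(line: str) -> Conn:
    f = line.split()
    if len(f) < 8:
        raise ValueError(f"short conn record: {line!r}")
    return Conn(float(f[0]), _num(f[1], float), f[2], _num(f[3], int),
                _num(f[4], int), f[5], f[6], f[7], f[8] if len(f) > 8 else "")

def unanswered(c: Conn) -> bool:
    """S0 means "no answer", so duration and byte counts are not meaningful."""
    return c.state == "S0"

def total_bytes(conns):
    """Return (sum of known byte counts, number of records with unknown counts)."""
    known = [c for c in conns
             if c.src_bytes is not None and c.dst_bytes is not None]
    return sum(c.src_bytes + c.dst_bytes for c in known), len(conns) - len(known)

# First record is the one quoted in the post; the second is constructed.
SAMPLE = """\
1041604588.107852 ? ftp ? ? 10.1.2.251 10.1.2.28 S0 X
1041604590.500000 1.25 ftp 120 340 10.1.2.251 10.1.2.30 SF X
"""

if __name__ == "__main__":
    conns = [parse_conn(l) for l in SAMPLE.splitlines() if l.strip()]
    for c in conns:
        tag = "no answer" if unanswered(c) else "state " + c.state
        print(c.src_addr, "->", c.dst_addr, tag, c.duration, c.src_bytes, c.dst_bytes)
    print("bytes, records skipped:", total_bytes(conns))
```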