about
Anderson Lee
andersonlee2002 at hotmail.com
Fri Jan 3 21:04:28 PST 2003
Thank your answer, Mr. Paxon!
However, I am still can't understand why all the status of connection not
from/to my host is "S0", which means "no answer", while my host's
connections were all right. In my network, my computer was running
Redhat7.3, others windows. As I known, Bro is a network IDS, I think it
should moniter all packets in my network. It is unbleveable that all other
connections were not finished succesfully.
Waiting for your answer. Thank you!
Anderson Lee
4/1/2003
>From: Vern Paxson <vern at icir.org>
>To: "Anderson Lee" <andersonlee2002 at hotmail.com>
>CC: bro at lbl.gov
>Subject: Re: about Date: Fri, 03 Jan 2003 10:02:49 -0800
>
> > While the connection
> > between other hosts(also in my network) can not show all information,
>such
> > as src_bytes and dst_bytes, instead of number it show "?".
>
>The key for those connections is their status. In this case, it is S0:
>
> > 1041604588.107852 ? ftp ? ? 10.1.2.251 10.1.2.28 S0 X
> > ~~~ ~~~~~
> ^^
>
>which (as explained in doc/conn-logs) means "no answer". Because there
>was no answer, the connection does not have a meaningful duration, or
>volume of bytes sent in either direction.
>
> Vern
_________________________________________________________________
Add photos to your e-mail with MSN 8. Get 2 months FREE*.
http://join.msn.com/?page=features/featuredemail
More information about the Bro
mailing list