Ramin Alidousti wrote:
> When it's _not_ tcp and it's _not_ udp then there is no sport or dport
> involved. Remove the marked lines:
>
> if (stable[num].proto == "tcp") {
> ...
> } else if (stable[num].proto == "udp") {
> ...
> } else if (stable[num].proto == "icmp") {
> ...
> } else {
> split('=',fields[3],crap,src);
> split('=',fields[4],crap,dst);
> - split('=',fields[5],crap,srcpt);
> - split('=',fields[6],crap,dstpt);
> - stable[num].src = src + "," + srcpt;
> - stable[num].dst = dst + "," + dstpt;
> }
::sigh::
That will fail to store the src and destination in the array.
Changing the else to:
} else {
split('=',fields[3],crap,src);
split('=',fields[4],crap,dst);
stable[num].src = src;
stable[num].dst = dst;
}
Will work.
Phil
--
Insanity Palace of Metallica
http://www.ipom.com
[EMAIL PROTECTED]
--
