zeek/scripts/base/protocols/conn at 1c381b553110ca16a1b4561be9d477524bfb8c48 - Mirror/zeek

mirror of https://github.com/zeek/zeek.git synced 2025-10-02 06:38:20 +00:00

History

Christian Kreibich b0f96fa22c Expand Conn::Info$duration comment to clarify TCP end-of-connection handling From Vern in GH-846: This is a conscious decision in the TCP analysis to consider a connection's "duration" to run up through the end of its productive (= data can be delivered) lifetime, not extending beyond that. So once it's closed, packets seen subsequently (until the state-holding for the connection times out) get processed in terms of updating the associated history, but not the duration. This can include (unnecessarily) retransmitted data packets, like in one of the examples above. An advantage of this definition of "duration" is it allows more accurate computation of connection data rates.		2022-11-30 09:39:57 -08:00
..
__load__.zeek	GH-1119: add base/protcols/conn/removal-hooks.zeek	2020-09-11 12:12:10 -07:00
contents.zeek	Remove trailing whitespace from script files	2021-10-20 09:57:09 -07:00
inactivity.zeek	Introduce generic analyzer_confirmation_info and analyzer_violation_info	2022-09-27 17:49:51 +02:00
main.zeek	Expand Conn::Info$duration comment to clarify TCP end-of-connection handling	2022-11-30 09:39:57 -08:00
polling.zeek	reduce memory usage of ConnPolling	2020-06-26 18:51:29 -04:00
README	Add README files for base/protocols	2013-10-17 12:47:32 -05:00
removal-hooks.zeek	GH-1119: add base/protcols/conn/removal-hooks.zeek	2020-09-11 12:12:10 -07:00
thresholds.zeek	Spelling fixes: scripts	2022-11-02 17:36:39 -04:00

Support for connection (TCP, UDP, or ICMP) analysis.