mirror of
https://github.com/zeek/zeek.git
synced 2025-10-14 04:28:20 +00:00
31f60853c9
And switch Zeek's base scripts over to using it in place of "connection_state_remove". The difference between the two is that "connection_state_remove" is raised for all events while "successful_connection_remove" excludes TCP connections that were never established (just SYN packets). There can be performance benefits to this change for some use-cases. There's also a new event called ``connection_successful`` and a new ``connection`` record field named "successful" to help indicate this new property of connections. |
||
|---|---|---|
| .. | ||
| fin_retransmission.pcap | ||
| handshake-reorder.trace | ||
| miss_end_data.pcap | ||
| missing-syn.pcap | ||
| no-handshake.pcap | ||
| option-sack.pcap | ||
| options.pcap | ||
| payload-syn.pcap | ||
| payload-synack.pcap | ||
| qi_internet_SYNACK_curl_jsonip.pcap | ||
| reassembly.pcap | ||
| retransmit-fast009.trace | ||
| rst-inject-rae.trace | ||
| ssh-dups.pcap | ||
| syn-synack.pcap | ||
| syn.pcap | ||
| tcp-fast-open.pcap | ||
| truncated-header.pcap | ||