zeek/scripts/base/protocols/conn
Christian Kreibich b0f96fa22c Expand Conn::Info$duration comment to clarify TCP end-of-connection handling
From Vern in GH-846: This is a conscious decision in the TCP analysis to
consider a connection's "duration" to run up through the end of its
productive (= data can be delivered) lifetime, not extending beyond that. So
once it's closed, packets seen subsequently (until the state-holding for the
connection times out) get processed in terms of updating the associated
history, but not the duration. This can include (unnecessarily) retransmitted
data packets, like in one of the examples above. An advantage of this definition
of "duration" is it allows more accurate computation of connection data rates.
2022-11-30 09:39:57 -08:00
__load__.zeek GH-1119: add base/protcols/conn/removal-hooks.zeek 2020-09-11 12:12:10 -07:00
contents.zeek Remove trailing whitespace from script files 2021-10-20 09:57:09 -07:00
inactivity.zeek Introduce generic analyzer_confirmation_info and analyzer_violation_info 2022-09-27 17:49:51 +02:00
main.zeek Expand Conn::Info$duration comment to clarify TCP end-of-connection handling 2022-11-30 09:39:57 -08:00
polling.zeek reduce memory usage of ConnPolling 2020-06-26 18:51:29 -04:00
README Add README files for base/protocols 2013-10-17 12:47:32 -05:00
removal-hooks.zeek GH-1119: add base/protcols/conn/removal-hooks.zeek 2020-09-11 12:12:10 -07:00
thresholds.zeek Spelling fixes: scripts 2022-11-02 17:36:39 -04:00

Support for connection (TCP, UDP, or ICMP) analysis.