mirror of
https://github.com/zeek/zeek.git
synced 2025-10-02 14:48:21 +00:00

For example, if we have a connection between TCP "A" and TCP "B" and "A" sends segments "1" and "2", but we don't see the first and then the next acknowledgement from "B" is for everything up to, and including, "2", the gap would be reported to include both segments instead of just the first and then delivering the second. Put generally: any segments that weren't yet delivered because they're waiting for an earlier gap to be filled would be dropped when an ACK comes in that includes the gap as well as those pending segments. (If a distinct ACK was seen for just the gap, that situation would have worked). Addresses BIT-1246.
15 lines
798 B
Text
#separator \x09
#set_separator ,
#empty_field (empty)
#unset_field -
#path modbus
#open 2014-09-11-15-00-05
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p func exception
#types time string addr port addr port string string
1153491909.414125 CXWv6p3arKYeMETxOg 192.168.66.235 2582 166.161.16.230 502 unknown-156 -
1153491911.997264 CXWv6p3arKYeMETxOg 192.168.66.235 2582 166.161.16.230 502 unknown-160 -
1153491913.013726 CXWv6p3arKYeMETxOg 192.168.66.235 2582 166.161.16.230 502 unknown-162 -
1153491923.091742 CXWv6p3arKYeMETxOg 192.168.66.235 2582 166.161.16.230 502 unknown-175 -
1153491923.091742 CXWv6p3arKYeMETxOg 192.168.66.235 2582 166.161.16.230 502 unknown-179 -
1153491923.623460 CXWv6p3arKYeMETxOg 192.168.66.235 2582 166.161.16.230 502 unknown-165 -
#close 2014-09-11-15-00-05
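
The gap handling described in the commit message at the top of this page, as a simplified Python model added here. It is not Zeek's code: `on_ack`, `pending`, `demo` and the sequence numbers are hypothetical, and buffered segments are assumed not to overlap. `fixed=False` reproduces the over-reported gap; `fixed=True` reports only the missing segment and delivers the buffered one.

```python
# Simplified model of ACK-driven gap handling in a TCP stream reassembler.
# Illustrative only; names and structure are assumptions, not Zeek's code.

def on_ack(next_seq, pending, ack, fixed=True):
    """Process a cumulative ACK seen from the receiving endpoint.

    next_seq: next in-order byte the monitor expects to deliver
    pending:  {start_seq: payload} segments buffered behind a hole
    ack:      cumulative ACK number observed from the peer
    Returns (events, new_next_seq); an event is ("gap", start, length)
    or ("deliver", start, payload).
    """
    events = []
    if not fixed:
        # Old behaviour: everything up to the ACK is declared missing and
        # buffered segments below the ACK are dropped undelivered.
        if ack > next_seq:
            events.append(("gap", next_seq, ack - next_seq))
        for start in [s for s in pending if s < ack]:
            del pending[start]
        return events, max(ack, next_seq)

    # Fixed behaviour: walk forward to the ACK, reporting only real holes
    # and delivering the buffered segments that the ACK covers.
    while next_seq < ack:
        if next_seq in pending:
            data = pending.pop(next_seq)
            events.append(("deliver", next_seq, data))
            next_seq += len(data)
            continue
        # The hole runs to the next buffered segment, or to the ACK.
        later = [s for s in pending if next_seq < s < ack]
        hole_end = min(later) if later else ack
        events.append(("gap", next_seq, hole_end - next_seq))
        next_seq = hole_end
    return events, next_seq


def demo(fixed):
    # Constructed scenario: "A" sends segment 1 (seq 1000, 100 bytes, never
    # seen by the monitor) and segment 2 (seq 1100, 100 bytes, seen and
    # buffered). "B" then ACKs 1200, covering both.
    seg2 = b"B" * 100  # constructed sample payload
    return on_ack(1000, {1100: seg2}, 1200, fixed=fixed)


if __name__ == "__main__":
    print("before fix:", demo(False))
    print("after fix: ", demo(True))
```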