zeek/scripts/base
Christian Kreibich b0f96fa22c Expand Conn::Info$duration comment to clarify TCP end-of-connection handling
From Vern in GH-846: This is a conscious decision in the TCP analysis to
consider a connection's "duration" to run up through the end of its
productive (= data can be delivered) lifetime, not extending beyond that. So
once it's closed, packets seen subsequently (until the state-holding for the
connection times out) get processed in terms of updating the associated
history, but not the duration. This can include (unnecessarily) retransmitted
data packets, like in one of the examples above. An advantage of this definition
of "duration" is it allows more accurate computation of connection data rates.
2022-11-30 09:39:57 -08:00
| Name | Last commit | Date |
|---|---|---|
| files | Spelling fixes: scripts | 2022-11-02 17:36:39 -04:00 |
| frameworks | ftp: Introduce FTP::max_command_length | 2022-11-21 09:36:29 +01:00 |
| misc | annotate base scripts with &is_used as needed | 2022-05-26 17:39:17 -07:00 |
| packet-protocols | gtpv1: Do not register for protocol detection | 2022-08-26 10:47:38 +02:00 |
| protocols | Expand Conn::Info$duration comment to clarify TCP end-of-connection handling | 2022-11-30 09:39:57 -08:00 |
| utils | Spelling fixes: scripts | 2022-11-02 17:36:39 -04:00 |
| init-bare.zeek | Merge remote-tracking branch 'security/topic/awelzel/121-ftp-timeout-again' | 2022-11-22 12:27:37 -07:00 |
| init-default.zeek | frameworks/dpd: Move to frameworks/analyzer/dpd, load by default | 2022-08-31 16:50:47 +02:00 |
| init-frameworks-and-bifs.zeek | GH-1122: Allow initializing globals with calls to subdir BIFs | 2020-08-27 12:20:37 -07:00 |
| init-supervisor.zeek | Establish a separate init script when using the supervisor | 2021-07-08 13:12:53 -07:00 |