Date: Tue, 28 Jan 2003 16:39:47 -0500 (EST)
From: Ramani Yellapragada <ramani@bobcat.ent.ohiou.edu>
Subject: Re: tcptrace Connections set to INACTIve after 4 minutes idle time.
Message-ID: <Pine.GSO.4.10.10301281622180.638-100000@bobcat.ent.ohiou.edu>

> Apparently, tcptrace will mark a TCP connection as INACTIVE after 4
> minutes of idle time. This means that
> subsequent packets on the same connection are counted as a new
> connection. I am not sure of the reasoning
> here, but I notice that there is a variable to set the idle time
> connection for continuous capture mode, but the
> time is hard coded for capture file mode. I think this should at least
> be settable.
This is what I feel. In capture file mode, we want to timeout connections
to free up the memory space. And 4 minutes is a good heuristic for all
types of traffic. But in real-time we want to timeout connections as it
may have many implications such as an intrusion taking place. Also in
real-time, based on the traffic characteristics and the type of traffic
that we are capturing, we want to set the timeout. Hence the parameter is
settable in only real-time mode.
Thanks,
Ramani.
This archive was generated by hypermail 2b30 : 01/29/03 EST