Date: Sat, 1 Feb 2003 10:53:58 -0500 Subject: Re: tcptrace Connections set to INACTIve after 4 minutes idle time. From: kem <kem2@mac.com> Message-Id: <5FC82FCA-35FD-11D7-80A4-000393D5E998@mac.com>
By definition, we are looking for odd or weird behaviors, not normal
conditions. This value needs to be variable if it is set at all in
capture mode.
Many times I have diagnosed problems that are hard timers that were set
with good intentions, but presented problems in real life. Tools
should offer as much flexibility as possible.
Kevin Mason
>
> This is what I feel. In capture file mode, we want to timeout
> connections
> to free up the memory space. And 4 minutes is a good heuristic for all
> types of traffic. But in real-time we want to timeout connections as it
> may have many implications such as an intrusion taking place. Also in
> real-time, based on the traffic characterisitics and the type of
> traffic
> that we are capturing, we want to set the timeout. Hence the parameter
> is
> settable in only real-time mode.
>
> Thanks,
> Ramani.
>
> -----------------------------------------------------------------------
> -----
> To unsubscribe, send a message with body containing "unsubscribe
> tcptrace" to
> majordomo@tcptrace.org.
>
----------------------------------------------------------------------------
To unsubscribe, send a message with body containing "unsubscribe tcptrace" to
majordomo@tcptrace.org.
This archive was generated by hypermail 2b30 : 02/01/03 EST