-- Mensaje Original --
Date: Tue, 24 Aug 2004 19:57:36 +0200 (CEST)
From: Kiss Karoly <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Re: [tcpdump-workers] number of concurrent TCP sessions
Reply-To: [EMAIL PROTECTED]
On Tue, 24 Aug 2004, [iso-8859-1] César Cárdenas wrote:
Dear all:
In a capture
gt;
>To: [EMAIL PROTECTED]
>Subject: Re: [tcpdump-workers] number of concurrent TCP sessions
>Reply-To: [EMAIL PROTECTED]
>
>
>On Tue, 24 Aug 2004, [iso-8859-1] César Cárdenas wrote:
> Dear all:
> In a captured file I found '.', S, F and FP flags...
> Accordi
On Tue, 24 Aug 2004, [iso-8859-1] César Cárdenas wrote:
> Dear all:
> In a captured file I found '.', S, F and FP flags...
> According to the manual:
>
> flag = '.' and data-seqno = '1' implies the first time tcpdump sees a TCP
> conversation.
>
> flag = 'S' and 'win (value)' stands for the beginn
Apologizes for the inconvenience...
My algo for finding the number of concurrent TCP connections got more FIN
& FP flags than SYN (more than -1000)...Is it possible?
It has same behaviour if I do not take into account the FP flags?
Many thnaks for your help,
Cesar
>-- Mensaje Original --
>Date: Tu
Dear all:
In a captured file I found '.', S, F and FP flags...
According to the manual:
flag = '.' and data-seqno = '1' implies the first time tcpdump sees a TCP
conversation.
flag = 'S' and 'win (value)' stands for the beginning of a TCP conversation
flag = 'F" implies FIN (end) and flag = 'FP'
