Dear all:

I apologize because I was not clear about my question... I use the following instruction for capturing packet info in a file:

windump -n -i 2 tcp >tcptest.txt

I am using Windows 2000.

I want to determine the number of concurrent TCP connections during the capturing interval... I look at the SYN, FIN, FIN/PUSH and '.' flags field. To my understanding:

'S' + win (value) means the start of a TCP connection
'F' or 'FP' means the end of a TCP connection

To determine the number of concurrent TCP connections I start with the first line... a counter starts at zero; if the flag is S+win I add one to the counter, else I subtract one from the counter... over time this should compute the number of concurrent TCP connections...

In a one-hour capture file the cumulated number of concurrent TCP connections is negative (more than -1000)... is that normal? In addition, the number of concurrent TCP connections over time decreases linearly to more than -1000...

Does anyone have a suggestion for computing the number of concurrent TCP connections...

Many thanks for your help,
César

- This is the tcpdump-workers list. Visit https://lists.sandelman.ca/ to unsubscribe.
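One way to compute this from the windump text output, as an added example that is not part of the original post: it keys each connection on its pair of address.port endpoints, so the SYN-ACK, retransmitted SYNs, the FIN sent by each side, and FINs of connections opened before the capture started do not move the count. A per-packet counter is included for comparison. The sample lines are constructed, the line format assumed is the classic `-n` text output, and treating the first FIN or RST as the close is a simplification.

```python
import re

# Constructed sample in the style of `windump -n -i 2 tcp` text output.
SAMPLE = """\
10:00:00.100000 192.168.0.5.1030 > 10.0.0.9.80: F 500:500(0) ack 900 win 17520
10:00:00.100500 10.0.0.9.80 > 192.168.0.5.1030: F 900:900(0) ack 501 win 5840
10:00:01.000000 192.168.0.5.1031 > 10.0.0.9.80: S 1000:1000(0) win 16384 <mss 1460>
10:00:01.000400 10.0.0.9.80 > 192.168.0.5.1031: S 2000:2000(0) ack 1001 win 5840 <mss 1460>
10:00:01.000500 192.168.0.5.1031 > 10.0.0.9.80: . ack 2001 win 17520
10:00:02.000000 192.168.0.5.1032 > 10.0.0.9.25: S 3000:3000(0) win 16384 <mss 1460>
10:00:03.000000 192.168.0.5.1031 > 10.0.0.9.80: FP 1001:1101(100) ack 2001 win 17520
10:00:03.000300 10.0.0.9.80 > 192.168.0.5.1031: F 2001:2001(0) ack 1102 win 5840
""".splitlines()

# timestamp, optional "IP", source, destination, TCP flags field
LINE = re.compile(r"^(\S+) (?:IP )?(\S+) > (\S+): ([SFPRWE.]+) ")

def naive(lines):
    """Per-packet counter: +1 for every S line, -1 for every F line."""
    n = 0
    for line in lines:
        m = LINE.match(line)
        if m:
            n += ("S" in m.group(4)) - ("F" in m.group(4))
    return n

def track(lines):
    """Count open connections keyed by endpoint pair.

    Returns (timeline, peak); timeline has one (timestamp, open_count)
    entry for each change in the number of open connections.
    """
    open_conns, timeline, peak = set(), [], 0
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue
        ts, src, dst, flags = m.groups()
        key = frozenset((src, dst))      # same key for both directions
        if "S" in flags and key not in open_conns:
            open_conns.add(key)          # SYN-ACK and SYN retransmits are no-ops
        elif ("F" in flags or "R" in flags) and key in open_conns:
            open_conns.remove(key)       # first FIN or RST closes; later ones ignored
        else:
            continue
        timeline.append((ts, len(open_conns)))
        peak = max(peak, len(open_conns))
    return timeline, peak

if __name__ == "__main__":
    timeline, peak = track(SAMPLE)
    print("naive:", naive(SAMPLE), "tracked:", timeline[-1][1], "peak:", peak)
```

On the constructed sample the per-packet counter ends below zero while the keyed count ends at one open connection with a peak of two.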
