tcpdump mailing list archives

number of concurrent TCP sessions

From: César Cárdenas <ccardena () itesm mx>
Date: Tue, 24 Aug 2004 18:47:00 +0200

Dear all:
In a captured file I found '.', S, F and FP flags...
According to the manual:

flag = '.' and data-seqno = '1' implies the first time tcpdump sees a TCP
conversation.

flag = 'S' and 'win (value)' stands for the beginning of a TCP conversation

flag = 'F" implies FIN (end) and flag = 'FP' I guess implies Fin/Pushed
(anyway end)

I computed the number of concurrent TCP conversations throughout the time
by adding a '1' each time I found a 'S' and substractin a '1' each time
I found a 'F' or a 'FP'

By doing this the number of concurrent TCP connections decreases linearly
in a negative way through the time.

Am I determining in a correct way the number of Concurrent TCP connections?
I really appreciate if you could suggest me how to determine the number
of concurrent TCP connections?

Please accept mys best regards,
Cesar Cardenas

-
This is the tcpdump-workers list.
Visit https://lists.sandelman.ca/ to unsubscribe.

Current thread:

filtering port ranges Ed Sawicki (Aug 24)
- number of concurrent TCP sessions César Cárdenas (Aug 24)
  - Re: number of concurrent TCP sessions César Cárdenas (Aug 24)
  - Re: number of concurrent TCP sessions Kiss Karoly (Aug 24)
    - Re: number of concurrent TCP sessions César Cárdenas (Aug 24)
    - Concurrent TCP Connections César Cárdenas (Aug 25)
    - Re: Concurrent TCP Connections ronnie sahlberg (Aug 25)
    - Re: number of concurrent TCP sessions Stephen Donnelly (Aug 25)
    - Estimating whole parameters in a switched net César Cárdenas (Aug 29)
- Re: filtering port ranges alex medvedev (Aug 24)
  - Re: filtering port ranges Ed Sawicki (Aug 24)