tcpdump mailing list archives
Concurrent TCP Connections
From: César Cárdenas <ccardena () itesm mx>
Date: Wed, 25 Aug 2004 09:12:25 +0200
Dear all: I apologize because I was not clear about my question... I use the following instruction for capturing packet info in a file: windump ?n ?i 2 tcp >tcptest.txt I am using windows 2000 I want to determine the number of concurrent TCP connections during the capturing interval...I look at the SYN, FIN, FIN/PUSH and '.' flags field. To my understand: 'S' + win (value) means the start of a TCP connection 'F' or 'FP' means the end of a TCP connection To determine the number of concurrent TCP connections I start with the first line...a counter start with zero, if flag is S+win I add one to a counter else I substract one to the counter...through the time this should compute the number of concurrent TCP connections... In a one-hour capturing file the cumulated number of concurrent TCP connections is negative (more than -1000)...is that normal? In addition, the number of concurrent TCP connections through the time decrease linearly to more than -1000... Does any one have a suggestion for computing the number of concurrent TCP connections... Many thanks for your help, César - This is the tcpdump-workers list. Visit https://lists.sandelman.ca/ to unsubscribe.
Current thread:
- filtering port ranges Ed Sawicki (Aug 24)
- number of concurrent TCP sessions César Cárdenas (Aug 24)
- Re: number of concurrent TCP sessions César Cárdenas (Aug 24)
- Re: number of concurrent TCP sessions Kiss Karoly (Aug 24)
- Re: number of concurrent TCP sessions César Cárdenas (Aug 24)
- Concurrent TCP Connections César Cárdenas (Aug 25)
- Re: Concurrent TCP Connections ronnie sahlberg (Aug 25)
- Re: number of concurrent TCP sessions Stephen Donnelly (Aug 25)
- Estimating whole parameters in a switched net César Cárdenas (Aug 29)
- number of concurrent TCP sessions César Cárdenas (Aug 24)
- Re: filtering port ranges Ed Sawicki (Aug 24)