Re: number of concurrent TCP sessions

[César Cárdenas <ccardena () itesm mx>]

Apologizes for the inconvenience...
My algo for finding the number of concurrent TCP connections got more FIN
& FP flags than SYN (more than -1000)...Is it possible?
It has same behaviour if I do not take into account the FP flags?
Many thnaks for your help,
Cesar

> -- Mensaje Original --
> Date: Tue, 24 Aug 2004 18:47:00 +0200
> From: César Cárdenas <ccardena () itesm mx>
> Subject: number of concurrent TCP sessions
> Reply-To: ccardena () itesm mx
> To: tcpdump-workers () lists tcpdump org,
> tcpdump-workers () lists tcpdump org
>
>
> Dear all:
In a captured file I found '.', S, F and FP flags...
According to the manual:

flag = '.' and data-seqno = '1' implies the first time tcpdump sees a TCP
conversation.

flag = 'S' and 'win (value)' stands for the beginning of a TCP conv
> rsation

flag = 'F" implies FIN (end) and flag = 'FP' I guess implies Fin/Pushed
(anyway end)

I computed the number of concurrent TCP conversations throughout the time
by adding a '1' each time I found a 'S' and substractin a '1' each time
I fo
> nd a 'F' or a 'FP'

By doing this the number of concurrent TCP connections decreases linearly
in a negative way through the time.

Am I determining in a correct way the number of Concurrent TCP connections?
I really appreciate if you could sugges
> me how to determine the number
of concurrent TCP connections?

Please accept mys best regards,
Cesar Cardenas




-
This is the tcpdump-workers list.
Visit https://lists.sandelman.ca/ to unsubscribe.