Timeline for how to find tcp streams without final ack/fin sequence in a huge packet capture file
Current License: CC BY-SA 3.0
14 events
| when toggle format | what | by | license | comment | |
|---|---|---|---|---|---|
| May 11, 2021 at 19:07 | history | bumped | CommunityBot | This question has answers that may be good or bad; the system has marked it active so that they can be reviewed. | |
| Jan 8, 2021 at 22:05 | history | bumped | CommunityBot | This question has answers that may be good or bad; the system has marked it active so that they can be reviewed. | |
| Sep 10, 2020 at 11:01 | history | bumped | CommunityBot | This question has answers that may be good or bad; the system has marked it active so that they can be reviewed. | |
| May 10, 2020 at 22:01 | history | bumped | CommunityBot | This question has answers that may be good or bad; the system has marked it active so that they can be reviewed. | |
| Jan 10, 2020 at 9:03 | history | bumped | CommunityBot | This question has answers that may be good or bad; the system has marked it active so that they can be reviewed. | |
| Sep 12, 2019 at 3:02 | history | bumped | CommunityBot | This question has answers that may be good or bad; the system has marked it active so that they can be reviewed. | |
| May 12, 2019 at 20:01 | history | bumped | CommunityBot | This question has answers that may be good or bad; the system has marked it active so that they can be reviewed. | |
| Jan 11, 2019 at 12:01 | history | bumped | CommunityBot | This question has answers that may be good or bad; the system has marked it active so that they can be reviewed. | |
| Feb 13, 2014 at 14:17 | answer | added | bytesinflight | timeline score: 1 | |
| Jun 29, 2013 at 9:28 | answer | added | wnrph | timeline score: 1 | |
| Mar 19, 2012 at 13:05 | comment | added | Paul | I would do this this backwards, and use tcpdump to identify any streams that FIN-ACKed, then use grep to filter these from tcpdump output, then search the remainder for SYN-ACKs. But there may be a better way, so I'll wait for other suggestions. | |
| Mar 19, 2012 at 10:12 | comment | added | woodstok | at least in my scenario they are invalid . I am dealing with an IPS device that deals with these exact sequences. I need pin point the specific streams. | |
| Mar 19, 2012 at 10:01 | comment | added | Paul | Are all they all definitely invalid? You can get unclosed sessions through normal behaviour, when people are involved at least. | |
| Mar 19, 2012 at 9:26 | history | asked | woodstok | CC BY-SA 3.0 |