[Zeek-Dev] connection $history - 'g' for gap
Michał Purzyński
michalpurzynski1 at gmail.com
Tue Apr 9 05:57:58 PDT 2019
It’s one of these brilliant ideas that I cannot believe we haven’t got yet ;)
Let’s implement it.
> On Apr 9, 2019, at 1:36 PM, Seth Hall <seth at corelight.com> wrote:
>
> I think it would be useful. I can't believe we hadn't already thought of adding that!
>
> .Seth
>
> --
> Seth Hall * Corelight, Inc * www.corelight.com
>
>
>> On Apr 8, 2019, at 10:02 PM, Vern Paxson <vern at corelight.com> wrote:
>>
>> I'm finding it would be handy to be able to glance at a connection log line
>> and know that the analysis for the connection experienced a content gap.
>> For example, this can immediately explain why DPD failed to identify a
>> known server.
>>
>> Proposal: add 'g'/'G' connection history values, scaled in the same
>> exponential way as for 'c', 't' and 'w'.
>>
>> Any thoughts/objections before I go ahead and implement this?
>>
>> Vern
>> _______________________________________________
>> zeek-dev mailing list
>> zeek-dev at zeek.org
>> http://mailman.icsi.berkeley.edu/mailman/listinfo/zeek-dev
>
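An added example, not part of the thread or of Zeek's code: a triage helper that reads conn.log rows, finds the proposed 'g'/'G' history letters, and marks connections where a content gap coincides with an unidentified service. It assumes Zeek's history convention (upper case for the originator, lower case for the responder) and that the scaling shared with 'c', 't' and 'w' means the n-th repeat of a letter stands for at least 10^(n-1) events; the sample rows and function names are constructed for illustration.

```python
# Constructed sample in Zeek's TSV log layout, reduced to three columns.
SAMPLE_CONN_LOG = "\n".join([
    "#separator \\x09",
    "#fields\tuid\tservice\thistory",
    "CaAAA1\thttp\tShADadFf",       # clean connection, service identified
    "CbBBB2\t-\tShADadgFf",         # one responder-side gap, no service
    "CcCCC3\t-\tShADaGdggtFf",      # gaps in both directions, no service
    "CdDDD4\tssl\tShADadggFf",      # gaps, but service still identified
])


def gap_lower_bounds(history):
    """Return (originator_min, responder_min) content-gap counts.

    Assumption: the n-th occurrence of 'G' or 'g' means at least
    10**(n-1) gaps in that direction, as for 'c', 't' and 'w'.
    """
    def bound(letter):
        n = history.count(letter)
        return 10 ** (n - 1) if n else 0
    return bound("G"), bound("g")


def parse_rows(log_text):
    """Yield one dict per data row, using the '#fields' header for names."""
    fields = []
    for line in log_text.splitlines():
        if line.startswith("#fields"):
            fields = line.split("\t")[1:]
        elif line and not line.startswith("#"):
            yield dict(zip(fields, line.split("\t")))


def connections_with_gaps(log_text):
    """List connections whose history records a gap in either direction."""
    findings = []
    for row in parse_rows(log_text):
        orig_min, resp_min = gap_lower_bounds(row.get("history", ""))
        if orig_min or resp_min:
            findings.append({
                "uid": row["uid"],
                "orig_gaps_min": orig_min,
                "resp_gaps_min": resp_min,
                # '-' is Zeek's unset marker: no analyzer was confirmed.
                "service_missing": row.get("service", "-") == "-",
            })
    return findings


if __name__ == "__main__":
    for finding in connections_with_gaps(SAMPLE_CONN_LOG):
        print(finding)
```

Rows with `service_missing` set are the case Vern describes: a glance at the history explains why DPD did not identify the server.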