[Zeek-Dev] [EXT] Re: connection $history - 'g' for gap

Vern Paxson vern at corelight.com
Wed Apr 10 06:29:30 PDT 2019


> That could get very messy in the real world.  How about start of first gap,
> length of first gap, total number of gaps?

I think if the goal is to know whether DPD failed due to content gaps,
much better than trying to infer that from a set of gap information would
be for dpd.log to include "no DPD decision because ran into a content gap"
or such.

		Vern

