[Zeek] Long lasting UDP connection's expiry

Nabil Memon nabilmemon.ec at gmail.com
Mon Jun 8 00:07:35 PDT 2020


Hi Zeek,

Hope you are well.

I am currently working on extracting data from the SIP protocol. While doing
so, I came across a use case of holding all the data exchanged over a UDP
connection in the connection record, and at the time the connection
terminates, I want to work with all the combined data.

The connection is over UDP and between two proxies. Because of this, I see
the connection being very active. In UDP there is no connection termination
sequence like we have in TCP (FIN/FIN-ACK). Because of this, the connection
lasts very long and it almost never expires (considering the connection is
between two proxies).

What if I would like to terminate the UDP connection manually on some
trigger? Is there a way I can forcefully terminate the connection and
not wait for 1 minute, to bypass the standard UDP connection expiry?

Thanks a lot for your help.

Regards,
Nabil