When configuring this package with:

Initial expectation was that a hanging `nc -4 localhost 8080` to a `nc -l -p 8080` would produce conn_long entries 5 seconds after connection establishment, repeating every 5 seconds in conn_long until Zeek times out the connection due to inactivity.

However, because there are no packets flowing for the connection, its `c$duration` field is not updated and so there's not a single conn_long entry created for it, just one conn.log entry with `"duration":0.00007796287536621094`.

Wonder if the callback should compute "an assumed duration" of the connection at the time of the callback instead of relying on `c$duration` that may be stale, or whether that's just a corner case that doesn't matter.

```zeek
local duration = network_time() - c$start_time;
```
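The behaviour reported above, reproduced in a small Python model; this is an added example, not code from the issue or from the package. The polling loop, the function name `conn_long_entries`, the 22-second inactivity timeout and the packet timelines are assumptions constructed for illustration.

```python
# Simplified model (an assumption, not the package's implementation): a poll
# fires every THRESHOLD seconds and writes a conn_long entry each time the
# duration it sees has passed the next multiple of THRESHOLD.
THRESHOLD = 5.0            # seconds, the interval described in the issue
INACTIVITY_TIMEOUT = 22.0  # constructed value; the real one is Zeek configuration


def conn_long_entries(packet_times, use_assumed):
    """Return the durations a poller would log for one connection.

    packet_times: timestamps of the connection's packets (first = start_time).
    use_assumed:  False -> read the packet-driven duration (models c$duration)
                  True  -> compute now - start_time at callback time
    """
    pending = sorted(packet_times)
    start = last_packet = pending.pop(0)
    logged = []
    now = start + THRESHOLD
    while True:
        # The packet-driven duration only moves when a packet is processed.
        while pending and pending[0] <= now:
            last_packet = pending.pop(0)
        if now - last_packet >= INACTIVITY_TIMEOUT:
            break  # connection expired, polling stops
        stale = last_packet - start
        assumed = now - start
        seen = assumed if use_assumed else stale
        if seen >= THRESHOLD * (len(logged) + 1):
            logged.append(round(seen, 3))
        now += THRESHOLD
    return logged


# Constructed timelines: the hanging nc session (handshake only), and a
# connection that sends a packet every 2 seconds and then goes quiet.
IDLE = [0.0, 0.00007796]
ACTIVE_THEN_IDLE = [0.0, 2.0, 4.0, 6.0, 8.0, 10.0, 12.0]

if __name__ == "__main__":
    for name, times in (("idle", IDLE), ("active_then_idle", ACTIVE_THEN_IDLE)):
        print(name, "stale:", conn_long_entries(times, False),
              "assumed:", conn_long_entries(times, True))
```

In the second timeline the assumed duration keeps growing after the last packet, so conn_long values computed this way include idle time and can exceed the duration that conn.log eventually records.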