base/protocols/conn/inactivity.zeek

Adjust the inactivity timeouts for interactive services, which may have long delays between packets.

Namespace: Conn

Summary

Runtime Options

Conn::analyzer_inactivity_timeouts: table &redef

Define inactivity timeouts by the service detected on the connection.

Conn::port_inactivity_timeouts: table &redef

Define inactivity timeouts based on common protocol ports.

Detailed Interface

Runtime Options

Conn::analyzer_inactivity_timeouts

Type: table [AllAnalyzers::Tag] of interval

Attributes: &redef

Default:
{
   [AllAnalyzers::ANALYZER_ANALYZER_SSH] = 1.0 hr,
   [AllAnalyzers::ANALYZER_ANALYZER_FTP] = 1.0 hr
}

Define inactivity timeouts by the service detected on the connection.

Conn::port_inactivity_timeouts

Type: table [port] of interval

Attributes: &redef

Default:
{
   [513/tcp] = 1.0 hr,
   [21/tcp] = 1.0 hr,
   [23/tcp] = 1.0 hr,
   [22/tcp] = 1.0 hr
}

Define inactivity timeouts based on common protocol ports.
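
Both tables carry &redef, so a site policy script can extend or replace them. The script below is an added example, not code from the Zeek distribution; the 3389/tcp entry and all interval values are assumptions chosen for illustration.

```zeek
# Constructed example for a site policy script (for instance one loaded
# from local.zeek). Not part of the Zeek distribution.

# Append to the port-based defaults. "+=" keeps the shipped entries.
# 3389/tcp (RDP) and the 1 hr value are assumptions.
redef Conn::port_inactivity_timeouts += {
	[3389/tcp] = 1 hr,
};

# Replace the analyzer-based table outright. Plain "=" discards the
# shipped defaults, so every entry that should survive is listed again.
# The 2 hr and 30 min values are assumptions.
redef Conn::analyzer_inactivity_timeouts = {
	[AllAnalyzers::ANALYZER_ANALYZER_SSH] = 2 hr,
	[AllAnalyzers::ANALYZER_ANALYZER_FTP] = 30 min,
};

# Print the effective tables at startup to confirm the redefs applied.
event zeek_init()
	{
	for ( p, pt in Conn::port_inactivity_timeouts )
		print fmt("port %s -> %s", p, pt);

	for ( a, at in Conn::analyzer_inactivity_timeouts )
		print fmt("analyzer %s -> %s", a, at);
	}
```

Longer intervals keep idle connection state in memory for longer. Intervals that are too short let Zeek expire an idle interactive session, so later packets are logged as a separate connection.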