On Tue, Dec 17, 2013 at 3:30 PM, Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> wrote: > I still don't see how that information can be useful to be included in > that output as it changes very fast and by polling you will only get > stale snapshots of what it's actually happening in the TCP tracking > subsystem. Yes, this tool would be most useful for somewhat long-living TCP connections. One idea I had was to correlate the development of max ack/end with number of TCP bytes sent/received over a single link. Little development in the sequence numbers, but large amounts of data transferred could be used as an indication of a problematic link. However, the more I think about it, this will be a very complicated and unreliable solution, at least when scaled up. Thanks for your help, back to the drawing board for me :) -Kristian -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
