zeek_conn_states: Zeek conn-log connection state values and descriptions
In hrbrmstr/hrbrmisc: Personal 'R' Package of 'hrbrmstr'
zeek_conn_states R Documentation
Zeek conn-log connection state values and descriptions
Description
Quick ref:
Usage
zeek_conn_states
Format
An object of class data.frame with 13 rows and 2 columns.
Details
S0 Connection attempt seen, no reply.
S1 Connection established, not terminated.
SF Normal establishment and termination. Note that this is the
same symbol as for state S1. You can tell the two apart because
for S1 there will not be any byte counts in the summary, while
for SF there will be.
REJ Connection attempt rejected.
S2 Connection established and close attempt by originator seen
(but no reply from responder).
S3 Connection established and close attempt by responder seen
(but no reply from originator).
RSTO Connection established, originator aborted (sent a RST).
RSTR Responder sent a RST.
RSTOS0 Originator sent a SYN followed by a RST, we never saw a
SYN-ACK from the responder.
RSTRH Responder sent a SYN ACK followed by a RST, we never saw a SYN
from the (purported) originator.
SH Originator sent a SYN followed by a FIN, we never saw a SYN ACK
from the responder (hence the connection was “half” open).
SHR Responder sent a SYN ACK followed by a FIN, we never saw a SYN
from the originator.
OTH No SYN seen, just midstream traffic (a “partial connection” that
was not later closed).
hrbrmstr/hrbrmisc documentation built on May 1, 2023, 7:39 a.m.
R Package Documentation
Browse R Packages
We want your feedback!
Note that we can't provide technical support on individual packages. You should contact the package authors for that.
| zeek_conn_states | R Documentation |
Zeek conn-log connection state values and descriptions
Description
Quick ref:
Usage
zeek_conn_states
Format
An object of class data.frame with 13 rows and 2 columns.
Details
S0 Connection attempt seen, no reply.
S1 Connection established, not terminated.
SF Normal establishment and termination. Note that this is the
same symbol as for state S1. You can tell the two apart because
for S1 there will not be any byte counts in the summary, while
for SF there will be.
REJ Connection attempt rejected.
S2 Connection established and close attempt by originator seen
(but no reply from responder).
S3 Connection established and close attempt by responder seen
(but no reply from originator).
RSTO Connection established, originator aborted (sent a RST).
RSTR Responder sent a RST.
RSTOS0 Originator sent a SYN followed by a RST, we never saw a
SYN-ACK from the responder.
RSTRH Responder sent a SYN ACK followed by a RST, we never saw a SYN
from the (purported) originator.
SH Originator sent a SYN followed by a FIN, we never saw a SYN ACK
from the responder (hence the connection was “half” open).
SHR Responder sent a SYN ACK followed by a FIN, we never saw a SYN
from the originator.
OTH No SYN seen, just midstream traffic (a “partial connection” that
was not later closed).
R Package Documentation
Browse R Packages
We want your feedback!
Note that we can't provide technical support on individual packages. You should contact the package authors for that.
Embedding an R snippet on your website
Add the following code to your website.
For more information on customizing the embed code, read Embedding Snippets.