Filter large uconns #291
Counts the number of connections between two unique hosts. If the number exceeds 250,000, any additional connections are thrown out and the source IP, destination IP, and connection count are added to a separate table. This will cause a slight increase in import time, but greatly improve analysis time for networks with hosts exchanging hundreds of thousands or millions of connections between two hosts, often as the result of placement of the packet capture. Additional connections between two hosts beyond 250,000 do not need to be analyzed, because at that point, whether a host is reaching out twice every second or five times every second does not give us greater insight into whether the connection is a beacon or not.
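The capping step described in this pull request can be sketched as follows. This is an added example, not code from the pull request or the project: `Conn`, `Overflow` and `FilterLargePairs` are hypothetical names, pairs are assumed to be directional (source, destination), and the overflow row is assumed to store the total count seen.

```go
package main

import "fmt"

// Conn is one parsed connection record (constructed shape for this example).
type Conn struct{ Src, Dst string }

// Overflow is one row of the separate table for pairs that exceeded the limit.
type Overflow struct {
	Src, Dst string
	Count    int // assumption: total connections seen, including discarded ones
}

// FilterLargePairs keeps at most limit connections per (source, destination)
// pair and reports every pair that exceeded it, in first-seen order.
func FilterLargePairs(conns []Conn, limit int) ([]Conn, []Overflow) {
	counts := make(map[Conn]int)
	var order []Conn
	kept := make([]Conn, 0, len(conns))
	for _, c := range conns {
		if counts[c] == 0 {
			order = append(order, c)
		}
		counts[c]++
		if counts[c] <= limit {
			kept = append(kept, c) // still under the cap: goes on to analysis
		}
	}
	var over []Overflow
	for _, p := range order {
		if n := counts[p]; n > limit {
			over = append(over, Overflow{p.Src, p.Dst, n})
		}
	}
	return kept, over
}

func main() {
	// Constructed sample: one noisy pair and one quiet pair, limit lowered to 3.
	var conns []Conn
	for i := 0; i < 5; i++ {
		conns = append(conns, Conn{"10.0.0.5", "192.0.2.10"})
	}
	conns = append(conns, Conn{"10.0.0.7", "192.0.2.10"})
	kept, over := FilterLargePairs(conns, 3)
	fmt.Println(len(kept), over)
}
```

Only the per-pair counters stay in memory for discarded connections, so the cost of a noisy pair is bounded by the limit. The overflow rows still tell an analyst which host pairs were truncated.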