Monitor Network Flows of Streams (hack)

Follow

Chris Hewitt

• September 25, 2020 11:14
• Edited

We have a number of streaming devices that don’t tear down their TCP connection. A single connection will live for months and, for reasons I don’t understand, the Firewalla won’t see it until tear down.

We tried tcpkill to reset the connection but haven’t had much luck with that in a script. We did get success with resetting the streaming device. Resetting the device is a four second interruption which we would prefer not to have but acceptable for our testing. After adding an hourly reset to crontab the network flows are accurately displaying the streaming traffic.

See the last entry. 

All the traffic spikes occurred during tests where we reset the stream. 

1

• 

  Firewalla

  • September 25, 2020 16:57

  Hi Chris

  Great stuff!  We do have one of our engineers trying different things.  And glad to see your method is working.   Will relay this to our engineer!

  1

  Comment actions Permalink
• 

  Chris Hewitt

  • January 04, 2021 23:10

  I see that streaming devices now appear to show in the flows. What’s the change and how do you manage TCP connections of long duration?

  0

  Comment actions Permalink
• 

  Firewalla

  • January 04, 2021 23:49

  @chris, are you using 1.972?  1.972 we started to sample long connections

  0

  Comment actions Permalink

Please sign in to leave a comment.