Ask Your Question

How to find time gap for a session

asked 2023-07-17 20:47:41 +0000

Subrun gravatar image


I am doing a troubleshooting. I see when traffic is over f5 session get disconnected after 5 mins but not when it is dirrect ?

How can I proof from F5 capture that traffic is disconnecting after 5 mins from wireshark

edit retag flag offensive close merge delete

1 Answer

Sort by ยป oldest newest most voted

answered 2023-07-18 21:32:13 +0000

SYN-bit gravatar image

The default idle timeout in a TCP profile on F5 is 300 seconds. So it sounds perfectly logical. You can detect a 300 sec gap in all TCP session with the filter tcp.time_delta > 300 (either as a filter or by using the find function). The F5 may or may not close the session with a TCP RST. If it does, you can check the IP TTL and compare it with other packets from the source behind the F5.

edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools


Asked: 2023-07-17 20:47:41 +0000

Seen: 359 times

Last updated: Jul 18 '23