The Tuning Parameters section specifies the performance characteristics of the system.
Max input buffer size
Defines the size of the buffer between the packet sniffer and the hit assembler. If the hit assembler becomes too slow, packets are queued in this buffer for processing. When the hit assembler has available resources, it begins pulling packets from the queue and processing them.
When the buffer fills, the PCA begins dropping hits. By enforcing a limit on the buffer, the system prevents a crash. However, data is dropped.
Max memory consumption
Defines the maximum amount of system memory (in MB) allocated to the capture process. The default value is 1300 (about 1.3 GB).
The CX Passive Capture Application is a 32-bit application, which means each PCA process can address a maximum of 2 GB of RAM.
Max simultaneous connections
Sets the maximum number of TCP connections over which the system can simultaneously capture. If there are more connections than this number of connections, the capture system replaces the oldest connections with the new ones. After an old one closes, the system begins capturing the next new connection. By enforcing this limit, the system prevents a spike in the number of connections overloading system resources from causing a crash.
Max simultaneous connections in SYN State
Sets the maximum number of TCP connections that can be in the SYN state at one time. If there are more than this number of connections in this state, the system replaces the oldest connections with the new ones. Once an old one closes or transitions from this state, the system begins capturing the next new connection. By enforcing this limit, the system prevents SYN flood attacks from causing a crash.
Max SSL sessions to cache
Sets the maximum number of SSL sessions the system can cache concurrently. After the system reaches this limit, it discards old entries first. If a session corresponding to a discarded entry resumes, the system cannot decode it. By enforcing this limit, the system prevents a spike of improperly terminated sessions from causing a crash.
This setting can be raised with some constraints.
Max wait time for hit responses
Sets the duration of the timer that is used to determine whether a server is stalled on an HTTP request. After the system receives the last packet for a request, it starts this timer. If the timer expires before receiving the first packet of the response, the system identifies the request as stalled and packages it up as a stalled hit. If the response eventually arrives, the system ignores it. By enforcing this timer, the system prevents stalled requests from using resources.
Max wait time for hit transmissions
Sets the duration of the timer that is used to determine whether a TCP connection is hanging. After the system receives a packet for a connection, it starts this timer. If the timer expires before receiving another packet, the system identifies the connection as hanging and discards it. If the connection corresponds to an HTTP request, the system ignores it completely. If the connection corresponds to an HTTP response, the system packages the partial response data in a hit. By enforcing this timer, the system prevents hanging connections from using resources.
Max large capture packet size
Specifies the maximum TCP packet capture size. The default value is 8 KB.