I'm looking at implementing TCP Intercept on my PIX 515 by setting the embryonic connection limit on each of my statics, but so far have had no success in finding any information on suitable values for this. The Cisco PIX documentation mentions about determining the normal counts of connections in each state in order to get an idea of a setting, but no information is given on how to do this. I've dug around Google trying to find out how to create a running chart of numbers of connections in each state for a given IP, and thought I'd gotten close with the Windows Performance Monitor TCP counters - until I found that the only "current" count figure is the Connections Established, the other counters are total counts since system startup. I've looked at a number of packet filtering and capturing tools to see if any offer a simple count facility in "real time", but so far have been unsuccessful. I was hoping that someone here might be able to point me in the direction of an existing tool that can run on Win32 that can spit out a chart or table of counts of connections each state over a given period. Any ideas?
Dan