diff --git a/probe/endpoint/connection_tracker.go b/probe/endpoint/connection_tracker.go
index e65c4d3c5..db9764b4e 100644
--- a/probe/endpoint/connection_tracker.go
+++ b/probe/endpoint/connection_tracker.go
@@ -87,8 +87,8 @@ func (t *connectionTracker) ReportConnections(rpt *report.Report) {
 		ebpfLastFailureTime := t.ebpfLastFailureTime
 		t.ebpfLastFailureTime = time.Now()
 
-		if ebpfLastFailureTime.After(time.Now().Add(-5 * time.Minute)) {
-			// Multiple failures in the last 5 minutes, fall back to proc parsing
+		if ebpfLastFailureTime.After(time.Now().Add(-1 * time.Minute)) {
+			// Multiple failures in the last minute, fall back to proc parsing
 			log.Warnf("ebpf tracker died again, gently falling back to proc scanning")
 			t.useProcfs()
 		} else {
diff --git a/probe/endpoint/conntrack.go b/probe/endpoint/conntrack.go
index 92678878e..0e2ae17ba 100644
--- a/probe/endpoint/conntrack.go
+++ b/probe/endpoint/conntrack.go
@@ -135,16 +135,20 @@ func (c *conntrackWalker) run() {
 		return
 	}
 
-	defer log.Infof("conntrack exiting")
-
+	periodicRestart := time.After(6 * time.Hour)
 	// Handle conntrack events from netlink socket
 	for {
 		select {
+		case <-periodicRestart:
+			log.Debugf("conntrack periodic restart")
+			return
 		case <-c.quit:
+			log.Infof("conntrack quit signal - exiting")
 			stop()
 			return
 		case f, ok := <-events:
 			if !ok {
+				log.Errorf("conntrack events read failed - exiting")
 				return
 			}
 			if f.Err != nil {
diff --git a/probe/endpoint/ebpf.go b/probe/endpoint/ebpf.go
index 2a1e1aefe..aca292851 100644
--- a/probe/endpoint/ebpf.go
+++ b/probe/endpoint/ebpf.go
@@ -129,6 +129,7 @@ func newEbpfTracker() (*EbpfTracker, error) {
 		debugBPF = true
 	}
 
+	tracer.TimestampOffset = 200000 // Delay events by 0.2ms to avoid out-of-order reporting
 	tracker := &EbpfTracker{
 		debugBPF: debugBPF,
 	}