[Bro-Dev] #724: Changing semantics of ConnSizeAnalyzer

Gregor Maier gregor at icir.org
Fri Jan 13 21:45:31 PST 2012


On 12/18/11 15:57 , Bro Tracker wrote:
> #724: Changing semantics of ConnSizeAnalyzer
> ----------------------+--------------------
>    Reporter:  seth     |      Owner:
>        Type:  Problem  |     Status:  new
>    Priority:  High     |  Milestone:  Bro2.0
>   Component:  Bro      |    Version:
> Resolution:           |   Keywords:
> ----------------------+--------------------
>
> Comment (by robin):
>
>   I'm reluctant to count only payload bytes as I find that not very
>   intuitive and also non-standard (NetFlow for example counts IP bytes
>   as well).

Actually IIRC, NetFlow counts IP-payload (i.e., including tcp/udp 
headers but not IP headers).


More information about the bro-dev mailing list