[Bro-Dev] #724: Changing semantics of ConnSizeAnalyzer
Gregor Maier
gregor at icir.org
Fri Jan 13 21:45:31 PST 2012
On 12/18/11 15:57 , Bro Tracker wrote:
> #724: Changing semantics of ConnSizeAnalyzer
> ----------------------+--------------------
> Reporter: seth | Owner:
> Type: Problem | Status: new
> Priority: High | Milestone: Bro2.0
> Component: Bro | Version:
> Resolution: | Keywords:
> ----------------------+--------------------
>
> Comment (by robin):
>
> I'm reluctant to count only payload bytes as I find that not very
> intuitive and also non-standard (NetFlow for example counts IP bytes
> as well).
Actually IIRC, NetFlow counts IP-payload (i.e., including tcp/udp
headers but not IP headers).
More information about the bro-dev
mailing list