[Bro-Dev] #724: Changing semantics of ConnSizeAnalyzer
Bro Tracker
bro at tracker.bro-ids.org
Fri Jan 13 21:45:42 PST 2012
#724: Changing semantics of ConnSizeAnalyzer
----------------------+-----------------
Reporter: seth | Owner:
Type: Problem | Status: new
Priority: High | Milestone:
Component: Bro | Version:
Resolution: | Keywords:
----------------------+-----------------
Comment (by gregor):
On 12/18/11 15:57 , Bro Tracker wrote:
>#724: Changing semantics of ConnSizeAnalyzer
>----------------------+--------------------
> Reporter: seth | Owner:
> Type: Problem | Status: new
> Priority: High | Milestone: Bro2.0
> Component: Bro | Version:
>Resolution: | Keywords:
>----------------------+--------------------
>
>Comment (by robin):
>
> I'm reluctant to count only payload bytes as I find that not very
> intuitive and also non-standard (NetFlow for example counts IP bytes
> as well).
Actually IIRC, NetFlow counts IP-payload (i.e., including tcp/udp headers
but not IP headers).
--
Ticket URL: <http://tracker.bro-ids.org/bro/ticket/724#comment:4>
Bro Tracker <http://tracker.bro-ids.org/bro>
Bro Issue Tracker
More information about the bro-dev
mailing list