[Bro] Packet service time vs connection time

Mike Muratet mike.muratet at torchtechnologies.com
Tue Sep 14 08:20:04 PDT 2004


I am attempting a clustering analysis on packet data collected with tcpdump 
using bro. I have used the conn script that comes with the bro distribution 
to process interarrival and connection times for connections. Also of 
interest are the packet interarrival and service times. Given that there is 
a single time stamp for each record, is there a way to calculate a service 
time for a packet? I don't think there is (without access to the interface) 
but I'm not a network expert and I thought I should check. I have the Paxson 
and Floyd paper 'Wide Area Traffic....' but I haven't found any bits about 
service time. (Vern, are you out there?)



More information about the Bro mailing list