[Bro] (Traffic characteristics extraction with Bro - Continue)
Duc T Ha
ducha at cse.buffalo.edu
Tue Jan 23 17:09:52 PST 2007
I have looked at some files while still waiting for some hints for my
Then I found the event "new_packet" , which looks promising.
However, I DON"T know if the packet reported there is already
"processed", i.e only valid packets for the connection are considered
while others such as: duplicate or out of order packets are not reported
to the handler?
Does anybody know how this event works ? I REALLY need some answers to
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 263 bytes
Desc: not available
Url : http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20070123/c50ad2b0/attachment.vcf
More information about the Bro