[Bro] Traffic characteristics extraction with Bro
vern at icir.org
Thu Jan 25 15:20:52 PST 2007
> I am trying to extract some flow characteristics from static data with
> Bro. I've checked the analyzer Conn.bro, but didn't find any suitable
Check out analy.bro, which does this sort of analysis on whatever connections
Bro is processing (so you need to load additional scripts to capture the
packets of interest). You may need to extend it by editing
TCPStats_Endpoint::DataSent in TCP.cc.
> At present, the characteristics I need are: mean packet size and mean
> packet inter-arrival time, all per flow.
Note, if you just want means, then you can track this quite cheaply.
(And mean inter-arrival time is just duration divided by number of packets.)
More information about the Bro