[Bro] Connection Events related to scan.bro
shoeyfighter at gmail.com
Tue Apr 22 23:41:12 PDT 2008
I am trying to understand the scanning algorithm, and am having some
slight problems understanding when certain events are generated. Below
I have included a list of the events I am interested in and my best
A TCP handshake has been completed successfully.
A TCP SYN packet has been sent.
A TCP RST was seen in response to a TCP SYN.
I am not too sure about this one. Can this only happen if the
analyzer is shut down in the middle of a connection?
Is this when one side of a connection attempts to close a
Also, slightly unrelated, I noticed in the udp-common.bro, the code
relating to "use_TRW_algorithm" is commented out... Is there a special
reason for this?
More information about the Bro