[Bro] how to measure size of data that transfer in connections?
hossein talebi
talebihossain at gmail.com
Sat Nov 8 23:17:45 PST 2008
Hi
i run tcpdump while file(with 4MB size) is downloading with follow filter:
"tcpdump -w pcapfile1 'tcp and host <MY IP ADDRESS>' "
then i apply filtering on pcapfile1:
"tcpdump -r pcapfile1 -w pcapfile2 'tcp[tcpflags]&(tcp-syn|tcp-fin|tcp-rst)!=0
' "
then i measured size of data by Bro version :1.2.1
but results are different(on pcapfile1 is 4MB and on pcapfile2 is 1MB)
OS: Linux(Fedora Core 8)
you can perform this work and measure sum of data that is received for two
files
--
Talebi Mazraeh Shahi Hossein
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20081109/7bf0d5c1/attachment.html
More information about the Bro
mailing list