[Bro] Using BRO for measuring TCP flow bandwidth
hsbedi at memphis.edu
Thu Aug 12 16:03:28 PDT 2010
Thank you Sridhar. I think you what you mentioned is kind of what I am
trying to do. Allow me to look into the conn.bro file and I will update here
Thank you once again.
On Thu, Aug 12, 2010 at 12:19 PM, sridhar basam <sridhar.basam at gmail.com>wrote:
> If you are looking to get averages over the tcp session, look at the
> conn.bro file. It records enough information for you to derive the average
> throughput in either direction over the life of the connection. You can
> change the routine "record_connection" to calculate the avg. throughput in
> each direction.
> On Wed, Aug 11, 2010 at 11:18 PM, Harkeerat Bedi <hsbedi at memphis.edu>wrote:
>> I am a beginner to BRO IDS and am currently using it for monitoring one
>> interface of a FreeBSD machine over an experiment network.
>> Part of my project now requires to also capture the network bandwidth
>> being utilized by a flow that passes thorough the BRO monitored interface.
>> By flow we mean, a source-destination IP pair.
>> Is this kind of measurement possible in BRO? If not, is there any add-on
>> which can be used to accomplish the same task using BRO?
>> Kindly suggest and thanks in advance.
>> Harkeerat Bedi
>> Bro mailing list
>> bro at bro-ids.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Bro