[Bro] Using BRO for measuring TCP flow bandwidth

Vern Paxson vern at icir.org
Mon Aug 30 15:42:16 PDT 2010

> My previous experiment setup was as follows.
> Setup1:
> Node1 (Client) <------>   Node2 (running BRO) < ------ > Node3 (Server)

If on Node2 instead of running Bro you capture packets with tcpdump, does
Bro run correctly on the resulting trace?  (Perhaps this is how you're
already capturing the traffic that it works correctly on, but I thought
of asking because on some systems packet capture for local traffic is
incomplete, and in particular lacks locally sent packets.)

What OS's are the Nodes running?


