[Bro] TCP Flow Packet Counts

Vern Paxson vern at icir.org
Thu Nov 4 15:56:47 PDT 2010


> I am using version 1.5.1 of bro. The trace I am using is attached as
> well as the bro policy file.

Thanks for the trace.  The problem appears to be that packet counting
doesn't work for TCP connections that lack an initial SYN.

We have a project right now in considerably extending the analysis framework.
So hopefully this will be fixed the next Bro release.

		Vern



More information about the Bro mailing list