[Bro] TCP Flow Packet Counts
bboe at cs.ucsb.edu
Fri Nov 5 10:43:09 PDT 2010
Thanks for looking into this Vern.
On Thu, Nov 4, 2010 at 3:56 PM, Vern Paxson <vern at icir.org> wrote:
>> I am using version 1.5.1 of bro. The trace I am using is attached as
>> well as the bro policy file.
> Thanks for the trace. The problem appears to be that packet counting
> doesn't work for TCP connections that lack an initial SYN.
> We have a project right now in considerably extending the analysis framework.
> So hopefully this will be fixed the next Bro release.
More information about the Bro