[Bro] TCP Flow Packet Counts

Bryce Boe bboe at cs.ucsb.edu
Fri Nov 5 10:43:09 PDT 2010


Thanks for looking into this Vern.

-Bryce

On Thu, Nov 4, 2010 at 3:56 PM, Vern Paxson <vern at icir.org> wrote:
>> I am using version 1.5.1 of bro. The trace I am using is attached as
>> well as the bro policy file.
>
> Thanks for the trace.  The problem appears to be that packet counting
> doesn't work for TCP connections that lack an initial SYN.
>
> We have a project right now in considerably extending the analysis framework.
> So hopefully this will be fixed the next Bro release.
>
>                Vern
>




More information about the Bro mailing list