[Bro] TCP Flow Packet Counts

Bryce Boe bboe at cs.ucsb.edu
Fri Nov 5 10:43:09 PDT 2010

Thanks for looking into this Vern.


On Thu, Nov 4, 2010 at 3:56 PM, Vern Paxson <vern at icir.org> wrote:
>> I am using version 1.5.1 of bro. The trace I am using is attached as
>> well as the bro policy file.
> Thanks for the trace.  The problem appears to be that packet counting
> doesn't work for TCP connections that lack an initial SYN.
> We have a project right now in considerably extending the analysis framework.
> So hopefully this will be fixed the next Bro release.
>                Vern

More information about the Bro mailing list