[Bro] tcp delay events!?
Khaled El Dassouki
ke17 at aub.edu.lb
Fri Dec 30 07:13:34 PST 2011
I am using Bro in my research work. My problem is that I am trying to
write a Bro script that fires alarms based on TCP packet delays. I
didn’t find any Bro event that could be handled at every received
packet. I tried the tcp_packet and new_packet events but it seems that
they are not fired at every received packet. I even tried to write a
signature that could be hit at every TCP packet, but I found that
unfortunately TCP signatures could be hit only once, on receipt
of the first TCP packet.
Please help, I am really tired…