[Bro] tcp delay events!?

Khaled El Dassouki ke17 at aub.edu.lb
Fri Dec 30 07:13:34 PST 2011


Hello,
I am using Bro in my research work. My problem is that I am trying to  
write a Bro script that fires alarms based on TCP packet delays. I  
didn’t find any Bro event that could be handled at every received  
packet. I tried the tcp_packet and new_packet events but it seems that  
they are not fired at every received packet. I even tried to write a
signature that could be hit at every tcp packet, but I found that
unfortunately tcp signatures could be hit only once, at the receiving
of the first tcp packet.
Please help, I am really tired…




