[Bro] TCP handshake
estrada.veronica at gmail.com
Thu Jan 6 00:39:20 PST 2011
What happens with Bro when the 3-way handshake packets are not synchronized?
In the case of offline analysis, inbound packets and outbound packets may
receive timestamps that are not synchronized (maybe due to problems in
the capture machine setup).
We think that it may affect short connections. For example, the pcap file
can contain a SYN-ACK with a timestamp before the first SYN packet.
Can Bro detect the 3-way handshake in this situation? Or the ACK-SYN get
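To check whether a capture actually contains the condition described in the message above, the following added example (not part of the original post and not Bro code) scans a pcap for connections whose SYN-ACK is timestamped earlier than the originator's SYN. It assumes a classic microsecond-resolution pcap with Ethernet/IPv4/TCP frames; the function names and the sample builder are hypothetical.

```python
import struct

SYN, ACK = 0x02, 0x10

def read_tcp_packets(data):
    """Yield (ts_usec, src, sport, dst, dport, flags) from classic pcap bytes.
    Handles Ethernet + IPv4 + TCP only; other frames are skipped."""
    end = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(data[:4])
    if end is None or struct.unpack(end + "I", data[20:24])[0] != 1:
        raise ValueError("need a classic microsecond pcap with Ethernet link type")
    off = 24
    while off + 16 <= len(data):
        sec, usec, caplen, _ = struct.unpack(end + "IIII", data[off:off + 16])
        pkt = data[off + 16:off + 16 + caplen]
        off += 16 + caplen
        # Require EtherType IPv4 and IP protocol 6 (TCP)
        if len(pkt) < 34 or pkt[12:14] != b"\x08\x00" or pkt[23] != 6:
            continue
        tcp = pkt[14 + (pkt[14] & 0x0F) * 4:]   # skip IP header using IHL
        if len(tcp) >= 14:
            sport, dport = struct.unpack("!HH", tcp[:4])
            yield sec * 1_000_000 + usec, pkt[26:30], sport, pkt[30:34], dport, tcp[13]

def inverted_handshakes(packets):
    """Return (originator 4-tuple, syn_ts, synack_ts) where SYN-ACK predates SYN."""
    syn, synack = {}, {}
    for ts, src, sport, dst, dport, flags in packets:
        if not flags & SYN:
            continue
        if flags & ACK:   # SYN-ACK: key by the originator's view of the flow
            key, table = (dst, dport, src, sport), synack
        else:
            key, table = (src, sport, dst, dport), syn
        table[key] = min(ts, table.get(key, ts))   # earliest timestamp seen
    return sorted((k, syn[k], synack[k]) for k in syn
                  if k in synack and synack[k] < syn[k])

def sample_pcap(records):
    """Build constructed pcap bytes from (ts_usec, src, sport, dst, dport, flags)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for ts, src, sport, dst, dport, flags in records:
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0, src, dst)
        tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, flags, 1024, 0, 0)
        frame = b"\x00" * 12 + b"\x08\x00" + ip + tcp
        out += struct.pack("<IIII", ts // 10**6, ts % 10**6, len(frame), len(frame)) + frame
    return out
```

For a real capture, pass the file's bytes to `read_tcp_packets` and feed the result to `inverted_handshakes`; each returned tuple gives the flow and the two timestamps in microseconds.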