[Bro] ConnCompressor, TCP options
james.swaro at gmail.com
Thu Jan 6 12:50:14 PST 2011
I am developing a module for offline analysis of bulk traces to detect
and categorize TCP behavior when a retransmission takes place. I was
browsing through ConnCompressor.cc when I read the heading at the top of
Why is initial packet faked and not passed as originally observed? Is it
something specific about the use of Bro as an IDS?
Can you disable the use of the compressor? If so, how ?
More information about the Bro