[Bro] ConnCompressor, TCP options
rmkml at free.fr
Thu Jan 6 13:00:27 PST 2011
For disable it, change on policy/bro.init:
const use_connection_compressor = F &redef;
On Thu, 6 Jan 2011, James Swaro wrote:
> I am developing a module for offline analysis of bulk traces to detect
> and categorize TCP behavior when a retransmission takes place. I was
> browsing through ConnCompressor.cc when I read the heading at the top of
> the file.
> Why is initial packet faked and not passed as originally observed? Is it
> something specific about the use of Bro as an IDS?
> Can you disable the use of the compressor? If so, how ?
> -James Swaro
> -Graduate Student
> -Ohio University
> Bro mailing list
> bro at bro-ids.org
More information about the Bro