[Bro] ConnCompressor, TCP options

rmkml rmkml at free.fr
Thu Jan 6 13:00:27 PST 2011


Hi James,
For disable it, change on policy/bro.init:
  const use_connection_compressor = F &redef;
Regards
Rmkml


On Thu, 6 Jan 2011, James Swaro wrote:

> I am developing a module for offline analysis of bulk traces to detect
> and categorize TCP behavior when a retransmission takes place. I was
> browsing through ConnCompressor.cc when I read the heading at the top of
> the file.
>
> Why is initial packet faked and not passed as originally observed? Is it
> something specific about the use of Bro as an IDS?
>
> Can you disable the use of the compressor? If so, how ?
>
> Thanks!
>
> -- 
> -James Swaro
> -Graduate Student
> -Ohio University
> _______________________________________________
> Bro mailing list
> bro at bro-ids.org
> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
>



More information about the Bro mailing list