[Bro] handle out of order and retransmitted packets in offline trace
sxz135 at case.edu
Fri May 27 11:45:41 PDT 2011
I also tried ./bro -r readfile -A writerfile http-rewriter.bro, whose
results seem to be the same as those of ./bro -r readfile http-rewriter.bro
-A writefile. And is there any difference of the resulting trace between
using -A and -w for http-rewriter.bro? I tried some examples and their
results seem the same.
Does http-rewriter.bro by default use DPD to find http streams instead of
After rewriting a big trace which consists of all kinds of streams (TCP and
UDP) using http-rewriter.bro, the ports of the resulting trace range widely,
including 80, 8000, 8080, 631, 1080 and so forth. Interestingly, the majority of
them are port 20480. Is it because of the use of DPD?