[Bro] handle out of order and retransmitted packets in offline trace
sxz135 at case.edu
Mon May 30 23:24:57 PDT 2011
I found that the reason why the majority of the port numbers in the rewritten
trace are 20480 instead of 80 is that in the library <netinet/tcp.h> the
variables representing source port and destination port (th_sport and
th_dport) don't store the real port numbers as I thought. Actually, it stores
port 80 as 20480, and it stores other port numbers differently from how they
are supposed to be. Does anyone know the reason? Is it a kind of one-to-one
mapping? Or did I make a mistake in using it?
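
The 80 versus 20480 values described in the post, as an added example that is not part of the original message: TCP header port fields are carried in network (big-endian) byte order, so an unconverted read on a little-endian host returns the byte-swapped value (80 = 0x0050, 20480 = 0x5000), and ntohs()/htons() convert between the two. The sample header bytes and the helper names are constructed for illustration.

```c
#include <arpa/inet.h>   /* ntohs, htons */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample: the first 4 bytes of a TCP header as they appear on the
 * wire: source port 49152 (0xC000), destination port 80 (0x0050). */
static const unsigned char sample_tcp[4] = { 0xC0, 0x00, 0x00, 0x50 };

/* Unconverted read: the value a direct read of th_sport / th_dport yields. */
static uint16_t field_raw(const unsigned char *hdr, size_t off)
{
    uint16_t v;
    memcpy(&v, hdr + off, sizeof v);   /* memcpy avoids unaligned access */
    return v;
}

/* Same field, converted from network byte order to host byte order. */
static uint16_t field_port(const unsigned char *hdr, size_t off)
{
    return ntohs(field_raw(hdr, off));
}

/* Plain byte swap: the one-to-one mapping observed on little-endian hosts. */
static uint16_t swap16(uint16_t v)
{
    return (uint16_t)((v << 8) | (v >> 8));
}

/* When rewriting a trace, convert to network order before storing a port. */
static void set_port(unsigned char *hdr, size_t off, uint16_t port)
{
    uint16_t v = htons(port);
    memcpy(hdr + off, &v, sizeof v);
}

int main(void)
{
    unsigned char hdr[4];
    memcpy(hdr, sample_tcp, sizeof hdr);
    printf("dport raw=%u converted=%u\n",
           (unsigned)field_raw(hdr, 2), (unsigned)field_port(hdr, 2));
    printf("swap16(80)=%u\n", (unsigned)swap16(80));
    set_port(hdr, 2, 8080);
    printf("rewritten dport=%u\n", (unsigned)field_port(hdr, 2));
    return 0;
}
```

The raw value printed by `main` depends on the host: 20480 on little-endian machines, 80 on big-endian ones, which is why the converted read is the portable one.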