[Bro] Event for syn-ack packet

Seth Hall seth at icir.org
Wed May 23 09:29:36 PDT 2012

On May 23, 2012, at 6:05 AM, Sheharbano Khattak wrote:

> The reply could be as short as a syn-ack. The event connection_established is too late as it doesn't matter whether the connection was established.

Are you trying to reduce your latency in detecting something?  I guess I don't understand why connection_established is too late.


Seth Hall
International Computer Science Institute
(Bro) because everyone has a network

More information about the Bro mailing list