[Bro] scheduled tasks on existing pcaps
dopheide at gmail.com
Wed Jun 18 10:13:26 PDT 2014
We're doing some fairly simple analysis regarding concurrent connections on
existing pcaps. Bro basically does all of that for us, but I'm hoping to
output the current number of active connections every few seconds.
Do Bro's scheduled tasks run in real time or network time when a pcap is
passed to it? I'm assuming real time, so my next question would be what's
the best way to output a regular status in original network time? I could
fake it with tcpreplay, but I'd like to avoid that.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Bro