[Bro-Dev] TCP RTT estimation
Juhoon Kim
juhoon at net.t-labs.tu-berlin.de
Wed Dec 1 13:07:15 PST 2010
>> Juhoon, this is one of the reasons why I recommended the
>> handshake_sum_estimate event in my branch.
>> It essentially does what you want to do, but just on TCP handshakes.
>> That's because with the handshake we can easily figure out what segment
>> (b) is (it's the ACK to the SYN-ACK).
Thanks Katrina, but I don't think that an RTT of a TCP handshake represents
the average RTT of a whole flow. One of the things we want to know is how it
differs on flow sizes.
>> As Vern pointed out, determining (b) is tough in general.
Yes, I now realize that it is not as easy as I thought. I think I will
come back to this discussion with a better idea.