[Bro-Dev] TCP RTT estimation

Vern Paxson vern at icir.org
Tue Nov 30 08:01:40 PST 2010

> The idea what I have about RTT is measuring a gap between the time a
> segment is seen and the time a segment directly after the corresponding
> ack is seen in the monitoring point. 

Can you sketch in more detail (with an example) what you have in mind?
(I've been down this path in the past, and it gets pretty complex!)

Also, what's your ultimate goal: path/performance characterization?
Katrina's is more focused on trouble-shooting, so finding exceptional
values rather than (for example) accurately tracking the RTO computation.


More information about the bro-dev mailing list