[Bro-Dev] Bro byte and packet counting in devel
Robin Sommer
robin at icir.org
Mon Mar 7 08:43:17 PST 2011
On Mon, Mar 07, 2011 at 09:54 -0500, you wrote:
> > You might also want to consider that osize and rsize try to count the
> > logical number of payload bytes whereas my analyzer counts the number of
> > IP bytes
>
> Oh, good point. That's definitely something to think about.
Yeah, it's actually an important distinction. I think I'd like the
default to remain as it it: count TCP payload, and have an option to
optionally add (but not replace with) the raw bytes. One selling point
here is that the TCP values are actually something that NetFloow can
not offer.
Robin
--
Robin Sommer * Phone +1 (510) 722-6541 * robin at icir.org
ICSI/LBNL * Fax +1 (510) 666-2956 * www.icir.org
More information about the bro-dev
mailing list