[Bro-Dev] #434: Fix secondary path
Bro Tracker
bro at tracker.bro-ids.org
Fri Jul 13 14:54:15 PDT 2012
#434: Fix secondary path
---------------------+--------------------
Reporter: robin | Owner:
Type: Task | Status: new
Priority: Normal | Milestone: Bro2.2
Component: Bro | Version:
Resolution: | Keywords:
---------------------+--------------------
Comment (by vern):
Concrete example comes from wanting to estimate flow sizes in TCP traffic
without having to capture all TCP packets. You can do this with SYN+FIN
packets, except for very large flows that wrap the sequence space, you
can't figure out the correct connection size. large-conns.bro allows
figuring this out at only the cost of a pretty inexpensive additional
packet filter.
--
Ticket URL: <http://tracker.bro-ids.org/bro/ticket/434#comment:4>
Bro Tracker <http://tracker.bro-ids.org/bro>
Bro Issue Tracker
More information about the bro-dev
mailing list