[Bro-Dev] #434: Fix secondary path

Bro Tracker bro at tracker.bro-ids.org
Fri Jul 13 14:54:15 PDT 2012


#434: Fix secondary path
---------------------+--------------------
  Reporter:  robin   |      Owner:
      Type:  Task    |     Status:  new
  Priority:  Normal  |  Milestone:  Bro2.2
 Component:  Bro     |    Version:
Resolution:          |   Keywords:
---------------------+--------------------

Comment (by vern):

 Concrete example comes from wanting to estimate flow sizes in TCP traffic
 without having to capture all TCP packets.  You can do this with SYN+FIN
 packets, except for very large flows that wrap the sequence space, you
 can't figure out the correct connection size.  large-conns.bro allows
 figuring this out at only the cost of a pretty inexpensive additional
 packet filter.

-- 
Ticket URL: <http://tracker.bro-ids.org/bro/ticket/434#comment:4>
Bro Tracker <http://tracker.bro-ids.org/bro>
Bro Issue Tracker



More information about the bro-dev mailing list