[Bro-Dev] #434: Fix secondary path

Bro Tracker bro at tracker.bro-ids.org
Mon Jul 16 19:11:41 PDT 2012

#434: Fix secondary path
  Reporter:  robin   |      Owner:
      Type:  Task    |     Status:  new
  Priority:  Normal  |  Milestone:  Bro2.2
 Component:  Bro     |    Version:
Resolution:          |   Keywords:

Comment (by vern):

 I believe your math is off.  The default large-conns filter captures
 packets falling into 4*16KB = 64KB of the sequence space.  If data packets
 average 1KB and ACK packets average 2KB (due to ack-every-other), then
 that will be a typical total of 64+32 = 96 packets for every 4GB
 transferred.  Capturing all ACK packets, OTOH, will result in matching
 4GB/2KB = 2M packets.  So it's a very large difference.

Ticket URL: <http://tracker.bro-ids.org/bro/ticket/434#comment:7>
Bro Tracker <http://tracker.bro-ids.org/bro>
Bro Issue Tracker

More information about the bro-dev mailing list