[Bro-Dev] network_time

James Swaro james.swaro at gmail.com
Fri Oct 12 13:00:09 PDT 2012


As I am aware, Bro has steadily moved toward a multi-threaded approach to
logging at the least. For an analyzer that I've been developing as part of
my research, I am curious to know if network_time remains coherent with the
network time given in pcap files and live capture. If not, is there a more
accurate variable available?

Of note: I've never really observed a discrepancy between the pcap files
and reported network time through the event system. Gilbert Clark and I had
a small discussion on this and I feel that from what I've seen in the
source code, network_time is likely fine, but I thought I'd get the answer
from the folk who know the source quite a bit better than I do.

Best,

-- 
James Swaro
Internetworking Research Group
Ohio University