[Bro] Auckland Traffic Trace

Duc T Ha ducha at cse.buffalo.edu
Mon Feb 19 10:21:07 PST 2007


Sorry for the off-topic question.

I am wondering if anybody here has worked with some existing network traffic 
traces and might provide some help.
+ Recently, I went through repositories like NLANR, LBL's and Auckland 
to get some statistics. Somehow, the Auckland trace is very strange. 
For example, Bro returns nothing about connection statistics (using the 
"conn" policy file). I checked again with Ethereal and found that in 
every connection reported by Ethereal, there's only one flow (the other 
direction is completely missing: 0 packets, 0 bytes). Another tool 
returns the same result.
Does anybody here know why?

+ I wonder if there is any mailing list/group dedicated to this topic 
(something like this list).

Any tip will be very much appreciated.
Thanks and best regards,
Duc

