[Bro] Connection Events related to scan.bro

Vern Paxson vern at icir.org
Wed Apr 23 16:29:20 PDT 2008


> There is some problem with the TRW implementation when used with UDP
> traffic but I don't recall what exactly it was. The SVN log says:
> 
>     r3297 [...] Also, don't analyze UDP traffic, which currently is misaccounted.
> 
> Vern, do you remember what this was about?

The current structure of the code treats all UDP "connections" as failures,
which breaks TRW.

		Vern



More information about the Bro mailing list