[Bro] how to measure size of data that transfer in connection?

hossein talebi talebihossain at gmail.com
Sat Nov 8 10:51:29 PST 2008


Hi

I want to measure the size of data transferred per side (how much is received
and how much is sent).

I have downloaded one file with a size of almost 4MB
and captured it with tcpdump (only with filtering on the TCP header and on my
IP),
and the sum of received data in the connections is almost 4MB (this sum has
been measured in Bro via the endpoint size field in the connection).
Then I filtered the same tcpdump output only for TCP flags (SYN, SYN-ACK, FIN)
and saved it in pcap format,
and the sum of received data in the connections is almost 1MB.

I don't know the reason for this repugnance.
I really need to measure the size of data transferred per side of a connection
while I have filtered the network traffic only
for SYN, SYN-ACK, FIN packet headers.

How do I solve this problem?

Please help me.
Thanks
-- 
Talebi Mazraeh Shahi Hossein