[Bro] How to calculate RTT
Martin Arlitt
martin.arlitt at ucalgary.ca
Thu Apr 23 11:58:42 PDT 2009
hi Gurvinder
my colleagues and I examined characteristics like RTT back in 2005. Our
scripts are available from:
http://www.bro-ids.org/bro-contrib/network-analysis/akm-imc05/
Please note that these scripts will not run on current versions of Bro,
but you should be able to estimate RTT in a similar manner. (the
particular issues I can think of are: these scripts were developed on a
earlier version of Bro that used ALERT to generate messages, while
current versions of Bro use NOTICE; and you may need to explicitly set
"redef use_compression_compressor=F;") The README file at the above
location contains references to the papers that we wrote that used the
data collected with these scripts. You may find those useful as well.
Martin
Gurvinder Singh Dahiya wrote:
> Hi,
>
> I am new to BRO IDS and i am working on project on TCP latency
> behavior to get information about communicating peer. I tried to
> implement my algo in Bro, but i stuck with calculating rtt of
> connection. i was trying to put timer in conn.bro under event
> new_connection and then calculate the rtt in event
> connection_established. but it does not work out. can any body point
> me in right direction to look for.
>
> I will appreciate any help.
>
> - Gurvinder Singh
> ------------------------------------------------------------------------
>
> _______________________________________________
> Bro mailing list
> bro at bro-ids.org
> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
More information about the Bro
mailing list