[Bro] Using BRO for measuring TCP flow bandwidth

Justin Azoff JAzoff at uamail.albany.edu
Thu Aug 12 06:13:16 PDT 2010


On Wed, Aug 11, 2010 at 11:18:36PM -0400, Harkeerat Bedi wrote:
> Part of my project now requires to also capture the network bandwidth
> being utilized by a flow that passes thorough the BRO monitored
> interface. By flow we mean, a source-destination IP pair.

capstats(included with bro) can do this:

    capstats -I 5 -i eth0 -f 'host a.b.c.d and host e.f.g.h'

-- 
-- Justin Azoff
-- Network Security & Performance Analyst



More information about the Bro mailing list