[Bro] Using BRO for measuring TCP flow bandwidth
sridhar basam
sridhar.basam at gmail.com
Thu Aug 12 10:19:14 PDT 2010
If you are looking to get averages over the tcp session, look at the
conn.bro file. It records enough information for you to derive the average
throughput in either direction over the life of the connection. You can
change the routine "record_connection" to calculate the avg. throughput in
each direction.
sridhar
On Wed, Aug 11, 2010 at 11:18 PM, Harkeerat Bedi <hsbedi at memphis.edu> wrote:
> Hello,
>
> I am a beginner to BRO IDS and am currently using it for monitoring one
> interface of a FreeBSD machine over an experiment network.
>
> Part of my project now requires to also capture the network bandwidth being
> utilized by a flow that passes thorough the BRO monitored interface. By
> flow we mean, a source-destination IP pair.
>
> Is this kind of measurement possible in BRO? If not, is there any add-on
> which can be used to accomplish the same task using BRO?
>
> Kindly suggest and thanks in advance.
>
> Regards,
> Harkeerat Bedi
>
> _______________________________________________
> Bro mailing list
> bro at bro-ids.org
> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
>
--
Sridhar
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20100812/72d6e221/attachment.html
More information about the Bro
mailing list