[Bro] Using BRO for measuring TCP flow bandwidth

Harkeerat Bedi hsbedi at memphis.edu
Thu Aug 12 16:03:28 PDT 2010


Thank you Sridhar. I think what you mentioned is kind of what I am
trying to do. Allow me to look into the conn.bro file and I will update here
accordingly.

Thank you once again.

Regards,
Harkeerat Bedi


On Thu, Aug 12, 2010 at 12:19 PM, sridhar basam <sridhar.basam at gmail.com> wrote:

> If you are looking to get averages over the tcp session, look at the
> conn.bro file. It records enough information for you to derive the average
> throughput in either direction over the life of the connection. You can
> change the routine "record_connection" to calculate the avg. throughput in
> each direction.
>
>  sridhar
>
>
> On Wed, Aug 11, 2010 at 11:18 PM, Harkeerat Bedi <hsbedi at memphis.edu> wrote:
>
>> Hello,
>>
>> I am a beginner to BRO IDS and am currently using it for monitoring one
>> interface of a FreeBSD machine over an experiment network.
>>
>> Part of my project now requires me to also capture the network bandwidth
>> being utilized by a flow that passes through the BRO-monitored interface.
>> By flow we mean a source-destination IP pair.
>>
>> Is this kind of measurement possible in BRO? If not, is there any add-on
>> which can be used to accomplish the same task using BRO?
>>
>> Kindly suggest and thanks in advance.
>>
>> Regards,
>> Harkeerat Bedi
>>
>
>
>
> --
> Sridhar
>
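
An added example, not part of the thread and not Bro's own code: it derives the average throughput in each direction from connection summary records, per connection and per source-destination IP pair as the question defines a flow. The six-column layout and the sample records are constructed assumptions; the real conn log column order depends on the Bro version and has to be mapped onto it.

```python
from collections import defaultdict

# Constructed sample records (not real Bro output). Assumed column order:
# start_time duration orig_h resp_h orig_bytes resp_bytes; "?" = unknown.
SAMPLE = """\
1281650000.0 10.0 10.0.0.1 10.0.0.2 5000 200000
1281650005.0 15.0 10.0.0.1 10.0.0.2 1000 100000
1281650002.0 ? 10.0.0.3 10.0.0.2 ? ?
1281650003.0 0.0 10.0.0.4 10.0.0.2 60 0
1281650010.0 4.0 10.0.0.2 10.0.0.1 800 1600
"""

def parse(line):
    """Return (start, duration, orig_h, resp_h, orig_bytes, resp_bytes) or None."""
    f = line.split()
    if len(f) != 6 or "?" in (f[1], f[4], f[5]):
        return None  # duration or byte counts were not recorded
    return float(f[0]), float(f[1]), f[2], f[3], int(f[4]), int(f[5])

def conn_throughput(duration, orig_bytes, resp_bytes):
    """Average bytes/s in each direction over the life of one connection."""
    if duration <= 0:
        return None  # zero-length connection: no meaningful rate
    return orig_bytes / duration, resp_bytes / duration

def pair_throughput(text):
    """Per (originator, responder) pair: bytes / (last end - first start)."""
    acc = defaultdict(lambda: [float("inf"), 0.0, 0, 0])  # first, last, out, in
    for line in text.splitlines():
        rec = parse(line)
        if rec is None:
            continue
        start, dur, orig_h, resp_h, orig_b, resp_b = rec
        a = acc[(orig_h, resp_h)]
        a[0] = min(a[0], start)        # earliest start seen for the pair
        a[1] = max(a[1], start + dur)  # latest end seen for the pair
        a[2] += orig_b
        a[3] += resp_b
    out = {}
    for pair, (first, last, orig_b, resp_b) in acc.items():
        span = last - first
        if span > 0:  # skip pairs whose only connections had zero duration
            out[pair] = (orig_b / span, resp_b / span)
    return out

if __name__ == "__main__":
    for (o, r), (up, down) in sorted(pair_throughput(SAMPLE).items()):
        print(f"{o} -> {r}: {up:.1f} B/s sent, {down:.1f} B/s received")
```

Pairs are keyed by originator, so connections opened in the opposite direction between the same two hosts are reported separately.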