[Bro] TCP Flow Packet Counts
Vern Paxson
vern at icir.org
Thu Nov 4 10:54:40 PDT 2010
> however I've noticed that with my sample trace, the originator
> packet count is almost always zero
Can you send along the script you're using and a trace snippet that
demonstrates the problem? (Also, what version of Bro are you running?)
I tried on a short trace just now and I get packet counts in both directions.
Could you be using a capture filter that doesn't capture data packets from
the originator?
Vern
More information about the Bro
mailing list