[Bro] TCP Flow Packet Counts

Vern Paxson vern at icir.org
Thu Nov 4 10:54:40 PDT 2010


> however I've noticed that with my sample trace, the originator
> packet count is almost always zero

Can you send along the script you're using and a trace snippet that
demonstrates the problem?  (Also, what version of Bro are you running?)

I tried on a short trace just now and I get packet counts in both directions.
Could you be using a capture filter that doesn't capture data packets from
the originator?

		Vern


