[Bro] using Bro as traffic analyzer.

Katrina LaCurts katrina at csail.mit.edu
Tue Dec 6 09:53:55 PST 2011


> On Mon, Dec 5, 2011 at 10:51 PM, Vern Paxson <vern at icir.org> wrote:
> > If you need more detailed information, I am currently working on an
> > analyzer for Bro that attempts to give more detailed information about the
> > retransmission behavior of a TCP connection as part of on-going research.
> 
> You should for sure contact Katrina LaCurts <katrina at csail.mit.edu>,
> who did an internship with us working on integrating this sort of analysis
> into Bro.
> 
>                Vern
> 
> I've actually seen quite a bit of her work that she emailed to me last year. It was a phenomenal base for what I've tried to expand upon. I'd be eager to see if there had been further developments with it aside from what I've seen in the development branch. 

Thanks James :)

Readon, my code can give you the RTT based on the 3-way handshake, as well as some additional RTT estimates as a connection continues, without any scripting work on your part.  Email me and I'll be happy to point you towards the development branch and explain the events to you.

Katrina


