[Bro] ConnCompressor, TCP options
James Swaro
james.swaro at gmail.com
Thu Jan 6 12:50:14 PST 2011
I am developing a module for offline analysis of bulk traces to detect
and categorize TCP behavior when a retransmission takes place. I was
browsing through ConnCompressor.cc when I read the heading at the top of
the file.
Why is initial packet faked and not passed as originally observed? Is it
something specific about the use of Bro as an IDS?
Can you disable the use of the compressor? If so, how ?
Thanks!
--
-James Swaro
-Graduate Student
-Ohio University
More information about the Bro
mailing list