[Bro] tcp delay events!?

Vern Paxson vern at icir.org
Tue Jan 3 14:09:16 PST 2012


> However there is another thing that  
> I would like to point to is when using the tcp_packet event handler.  
> The event is fired two times at the same moment (network_time()) for  
> the SYN and the SYN ACK message. Is it normal?

For Bro 1.5, my guess is this is due to the default use of the "connection
compressor".  Try running with "use_connection_compressor=F" on the command
line to turn it off.

		Vern



More information about the Bro mailing list