[Bro] Event for syn-ack packet

Seth Hall seth at icir.org
Wed May 23 09:29:36 PDT 2012


On May 23, 2012, at 6:05 AM, Sheharbano Khattak wrote:

> The reply could be as short as a syn-ack. The event connection_established is too late as it doesn't matter whether the connection was established.

Are you trying to reduce your latency in detecting something?  I guess I don't understand why connection_established is too late.

  .Seth

--
Seth Hall
International Computer Science Institute
(Bro) because everyone has a network
http://www.bro-ids.org/




