[Bro] Event for syn-ack packet
Seth Hall
seth at icir.org
Wed May 23 09:29:36 PDT 2012
On May 23, 2012, at 6:05 AM, Sheharbano Khattak wrote:
> The reply could be as short as a syn-ack. The event connection_established is too late as it doesn't matter whether the connection was established.
Are you trying to reduce your latency in detecting something? I guess I don't understand why connection_established is too late.
.Seth
--
Seth Hall
International Computer Science Institute
(Bro) because everyone has a network
http://www.bro-ids.org/