[Bro] Traffic Volume Calculation Using Bro's Connection Log

Seth Hall seth at icir.org
Thu Nov 21 06:00:58 PST 2013


On Nov 21, 2013, at 3:22 AM, Naveed Anwar <hunarame at gmail.com> wrote:

> Here's a quick recap of what I need to do: I want to use Bro to calculate the total volume of traffic captured in a pcap file, including all headers up to (and including) Ethernet headers. 

You can't do this right now. :)

Due to how we handle Ethernet headers (and VLAN and MPLS) that data is just not made available.  Additionally, any non-IP traffic will be hard to include in the measurement.  What we likely need to do is keep global counters that track the size of data pulled from libpcap.  We already have a packet counter for that like this…

resource_usage()$num_packets

I'm not saying that the resource_usage built-in function will stay around forever though; it's very possible that we'll reorganize that some in the future.

  .Seth



--
Seth Hall
International Computer Science Institute
(Bro) because everyone has a network
http://www.bro.org/
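
Added example, not part of the original message and not Bro code: one way to get the volume asked about above without Bro is to sum the per-packet record lengths in the capture file itself, which cover each frame from the link-layer header onward, non-IP frames included. It assumes a classic pcap file (not pcapng); the function names and the sample capture are constructed for illustration.

```python
import struct

# Classic pcap magics (microsecond and nanosecond variants) -> struct byte order.
_MAGICS = {
    b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">",
    b"\x4d\x3c\xb2\xa1": "<", b"\xa1\xb2\x3c\x4d": ">",
}

def pcap_volume(data):
    """Count packets and bytes in a classic pcap image held in memory."""
    if len(data) < 24 or data[:4] not in _MAGICS:
        raise ValueError("not a classic pcap file (pcapng is not handled)")
    endian = _MAGICS[data[:4]]
    # Global header: snaplen at offset 16, link type at offset 20.
    snaplen, linktype = struct.unpack_from(endian + "II", data, 16)
    packets = captured = wire = 0
    truncated = False
    offset = 24
    while offset < len(data):
        if offset + 16 > len(data):
            truncated = True          # file ends inside a record header
            break
        # Record header: ts_sec, ts_frac, bytes stored, bytes on the wire.
        _, _, incl_len, orig_len = struct.unpack_from(endian + "IIII", data, offset)
        if offset + 16 + incl_len > len(data):
            truncated = True          # file ends inside packet data
            break
        packets += 1
        captured += incl_len          # what the file actually holds
        wire += orig_len              # full frame size, even if cut by snaplen
        offset += 16 + incl_len
    return {"packets": packets, "captured_bytes": captured, "wire_bytes": wire,
            "linktype": linktype, "snaplen": snaplen, "truncated": truncated}

def build_sample():
    """Constructed capture: snaplen 96, a 60-byte frame and a 1514-byte frame cut to 96."""
    header = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 96, 1)  # link type 1 = Ethernet
    rec1 = struct.pack("<IIII", 0, 0, 60, 60) + bytes(60)
    rec2 = struct.pack("<IIII", 0, 1, 96, 1514) + bytes(96)
    return header + rec1 + rec2

if __name__ == "__main__":
    print(pcap_volume(build_sample()))
```

When the capture was taken with a short snaplen, `wire_bytes` is the traffic volume and `captured_bytes` is only what was stored.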
