[Bro] Traffic Volume Calculation Using Bro's Connection Log

Amir Mehmood amptcl at gmail.com
Thu Nov 21 09:06:33 PST 2013


Try using ipsumdump ...

Amir


On Thu, Nov 21, 2013 at 7:00 PM, Seth Hall <seth at icir.org> wrote:

>
> On Nov 21, 2013, at 3:22 AM, Naveed Anwar <hunarame at gmail.com> wrote:
>
> > Here's a quick recap of what I need to do: I want to use Bro to
> > calculate the total volume of traffic captured in a pcap file, including
> > all headers up to (and including) Ethernet headers.
>
> You can't do this right now. :)
>
> Due to how we handle Ethernet headers (and VLAN and MPLS) that data is
> just not made available.  Additionally, any non-IP traffic will be hard to
> include in the measurement.  What we likely need to do is keep global
> counters that track the size of data pulled from libpcap.  We already have
> a packet counter for that like this…
>
> resource_usage()$num_packets
>
> I'm not saying that the resource_usage built-in function will stay around
> forever though, it's very possible that we'll reorganize that some in the
> future.
>
>   .Seth
>
>
>
> --
> Seth Hall
> International Computer Science Institute
> (Bro) because everyone has a network
> http://www.bro.org/
>
>
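As an added example (not from this thread or from the Bro project): the total asked about above, including Ethernet headers and non-IP frames, can be computed outside Bro by summing the per-record lengths stored in the pcap file itself. The names `pcap_volume` and `build_sample` and the sample capture are constructed for illustration; only the classic pcap format is handled, not pcapng.

```python
import io
import struct

# Classic pcap magic bytes -> struct byte-order prefix.
MAGICS = {
    b"\xd4\xc3\xb2\xa1": "<",  # little-endian, microsecond timestamps
    b"\xa1\xb2\xc3\xd4": ">",  # big-endian, microsecond timestamps
    b"\x4d\x3c\xb2\xa1": "<",  # little-endian, nanosecond timestamps
    b"\xa1\xb2\x3c\x4d": ">",  # big-endian, nanosecond timestamps
}


def pcap_volume(stream):
    """Return (packets, wire_bytes, captured_bytes) for a classic pcap stream.

    wire_bytes sums each record's original length, so it counts the whole
    frame from the link-layer (Ethernet) header on, and includes non-IP
    frames and packets that the snaplen truncated.
    """
    header = stream.read(24)
    if len(header) != 24 or header[:4] not in MAGICS:
        raise ValueError("not a classic pcap file")
    order = MAGICS[header[:4]]
    packets = wire = captured = 0
    while True:
        rec = stream.read(16)
        if not rec:
            return packets, wire, captured
        if len(rec) != 16:
            raise ValueError("truncated record header")
        _sec, _frac, incl_len, orig_len = struct.unpack(order + "IIII", rec)
        if len(stream.read(incl_len)) != incl_len:
            raise ValueError("truncated packet data")
        packets += 1
        wire += orig_len
        captured += incl_len


def build_sample():
    """Constructed capture: snaplen 64, three frames, the second truncated."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 64, 1)  # 1 = Ethernet
    for incl_len, orig_len in [(60, 60), (64, 1514), (42, 42)]:
        out += struct.pack("<IIII", 0, 0, incl_len, orig_len) + bytes(incl_len)
    return out


if __name__ == "__main__":
    print(pcap_volume(io.BytesIO(build_sample())))
```

When a capture was taken with a short snaplen, the wire total and the captured total differ, so report the one that matches the question being asked.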

