[Bro] scheduled tasks on existing pcaps
Mike Dopheide
dopheide at gmail.com
Wed Jun 18 10:13:26 PDT 2014
Howdy,
We're doing some fairly simple analysis regarding concurrent connections on
existing pcaps. Bro basically does all of that for us, but I'm hoping to
output the current number of active connections every few seconds.
Do Bro's scheduled tasks run in real time or network time when a pcap is
passed to it? I'm assuming real time, so my next question would be what's
the best way to output a regular status in original network time? I could
fake it with tcpreplay, but I'd like to avoid that.
Thanks,
Dop
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20140618/b6550ac9/attachment.html
More information about the Bro
mailing list