[Bro] delayed bro operation / update
Frank Meier
franky.meier.1 at gmx.de
Mon Jul 20 05:37:58 PDT 2015
Hi Jim!
On Fr, Jul 17, 2015 at 5:54 , Jim Mellander <jmellander at lbl.gov> wrote:
> I addressed a similar problem by writing a little C program that
> takes pcaps and pushes them onto a virtual network interface, for bro
> to monitor.... Now let me see if I can find that code.
we thought about that, but the disadvantage is, that all the timestamps
get lost. Also we had a lot of problems with lost packets.
Franky
>
> On Thu, Jul 16, 2015 at 3:19 AM, Kristoffer Björk
> <kristoffer.bjork at gmail.com> wrote:
>> sounds intreresting. Would it be possible for you to make that
>> tcpslice patch available?
>>
>> Thanks!
>>
>> //Kristoffer
>>
>> On Tue, Jul 7, 2015 at 4:15 PM, Seth Hall <seth at icir.org> wrote:
>>>
>>> > On Jul 7, 2015, at 8:11 AM, Frank Meier <franky.meier.1 at gmx.de>
>>> wrote:
>>> >
>>> > just as a follow up: I experimented with a patched version of
>>> tcpslice which opens pcaps and sends them to a fifo.
>>>
>>> Hah! That’s an interesting approach.
>>>
>>> .Seth
>>>
>>> --
>>> Seth Hall
>>> International Computer Science Institute
>>> (Bro) because everyone has a network
>>> http://www.bro.org/
>>>
>>>
>>> _______________________________________________
>>> Bro mailing list
>>> bro at bro-ids.org
>>> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
>>
>>
>> _______________________________________________
>> Bro mailing list
>> bro at bro-ids.org
>> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20150720/1d0e35b5/attachment.html
More information about the Bro
mailing list