[Bro] delayed bro operation / update
Jim Mellander
jmellander at lbl.gov
Mon Jul 20 22:01:41 PDT 2015
Hi Frank:
My application was a bit different - was receiving live pcaps from a
multitude of sensors, and pushing them all in realtime onto the virtual
interface, so the timestamp offset was negligible - this was also fairly
low bandwidth - obviously, different applications require different tools.
On Mon, Jul 20, 2015 at 5:37 AM, Frank Meier <franky.meier.1 at gmx.de> wrote:
> Hi Jim!
>
> On Fr, Jul 17, 2015 at 5:54 , Jim Mellander <jmellander at lbl.gov> wrote:
>
> I addressed a similar problem by writing a little C program that takes
> pcaps and pushes them onto a virtual network interface, for bro to
> monitor.... Now let me see if I can find that code.
>
>
> we thought about that, but the disadvantage is, that all the timestamps
> get lost. Also we had a lot of problems with lost packets.
>
> Franky
>
>
>
> On Thu, Jul 16, 2015 at 3:19 AM, Kristoffer Björk <
> kristoffer.bjork at gmail.com> wrote:
>
>> sounds intreresting. Would it be possible for you to make that tcpslice
>> patch available?
>>
>> Thanks!
>>
>> //Kristoffer
>>
>> On Tue, Jul 7, 2015 at 4:15 PM, Seth Hall <seth at icir.org> wrote:
>>
>>>
>>> > On Jul 7, 2015, at 8:11 AM, Frank Meier <franky.meier.1 at gmx.de> wrote:
>>> >
>>> > just as a follow up: I experimented with a patched version of tcpslice
>>> which opens pcaps and sends them to a fifo.
>>>
>>> Hah! That’s an interesting approach.
>>>
>>> .Seth
>>>
>>> --
>>> Seth Hall
>>> International Computer Science Institute
>>> (Bro) because everyone has a network
>>> http://www.bro.org/
>>>
>>>
>>> _______________________________________________
>>> Bro mailing list
>>> bro at bro-ids.org
>>> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
>>>
>>
>>
>> _______________________________________________
>> Bro mailing list
>> bro at bro-ids.org
>> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
>>
>
>
> _______________________________________________
> Bro mailing list
> bro at bro-ids.org
> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20150720/a18c5c28/attachment.html
More information about the Bro
mailing list