[Bro] TCP Conn Log
mike anastasakis
anastasakis62 at gmail.com
Mon Apr 3 05:49:21 PDT 2017
Hello,
I am using Bro for a project and I have a question regarding its
capabilities.
Currently, when I have a long TCP connection that includes frequent TCP Keep
Alive messages, Bro is reassembling the whole network trace into one
connection and presents it in conn.log with a big duration value. Is it
possible to make Bro split up TCP connections into smaller fragments based
on an interval I set up, or at least whenever a TCP Keep Alive handshake
takes place?
Regards,
Mike