[Zeek] Adding flow and packet stats on conn log
undicizeri at gmail.com
Thu Jun 25 00:37:41 PDT 2020
I'm reading a bunch of papers on interesting features for machine learning
applied on network traffic. For example CSE-CIC (
My question is: is it possible to add this type of statistic on conn.log?
- average packet size
- minimum packet size
- maximum packet size
- total time between two packets
- mean time between two packets etc.
Reading the documentation, I saw these events
as stated by the documentation itself, it will lead to very poor performance.
The other code I think could be relevant is the TCP analyzer:
I've never contributed to Zeek before and I don't know the codebase at all,
so do you think Zeek would be capable of generating this type of stats? Is
TCP.cc the right place to implement those features? Are there issues I am