Hi,
I am new to BRO IDS and i am working on project on TCP latency behavior to
get information about communicating peer. I tried to implement my algo in
Bro, but i stuck with calculating rtt of connection. i was trying to put
timer in conn.bro under event new_connection and then calculate the rtt in
event connection_established. but it does not work out. can any body point
me in right direction to look for.
I will appreciate any help.
- Gurvinder Singh
Hi list,
Is there an event I can hook that would allow me to do a regex on the
raw bytes of a packet if I knew the hex pattern of the bytes I want to
match?
-Tim
I am getting started with Bro, and am using Robin's 1.4 stand-alone
cluster branch. I was trying to detect some IRC traffic using DPD, but
realized that it was being filtered. In the Workshop 2009 materials, it
mentioned adapting the packet filter by adding the -f "tcp". I tried
that, tested it on my pcap file, and it worked. How do I enable/disable
the -f "tcp" option in the cluster configuration?
Tyler
--
Tyler Schoenke
IT Security Office
University of Colorado - Boulder
