Hi rmkml,
Have you ever research the source code of code?
I think to understand the framework of the source code and hope to get your help! 
Best Regards,
Cliff
Hi rmkml,
sorry for i typing the wrong words.
I mean whether you have interest in the source code ,not only on the use of "Bro".
Have you ever research the source code?
Because I see only the mail discussing the use of "Bro" in mail list.I hope the range of discussion should be more wide.
Thanks,
Cliff
Just to make sure -- you're generally welcome to ask anything
Bro-relevant on this list, no matter what part of the system it relates
to.
Regards,
Christian.
Greetings
I am attempting a clustering analysis on packet data collected with tcpdump using bro. I have used the conn script that comes with the bro distribution to process interarrival and connection times for connections. Also of interest are the packet interarrival and service times. Given that there is a single time stamp for each record, is there a way to calculate a service time for a packet? I don't think there is (without access to the interface) but I'm not a network expert and I thought I should check. I have the Paxson and Floyd paper 'Wide Area Traffic....' but I haven't found any bits about service time. (Vern, are you out there?)
Regards
Mike
Cliff wrote:
Hi rmkml,
Have you ever research the source code of code?
I think to understand the framework of the source code and hope to
get your help! 
Yes. There are occasional questions about the source code itself,
but most of the questions on the email list are regarding using
Bro.
Feel free to ask any questions about the source code. I'm sure
someone on the list will be able to help you.
Steve
- --