I am new to Bro IDS and I am working on a project on TCP latency behavior to get information about the communicating peer. I tried to implement my algo in Bro, but I am stuck with calculating the RTT of a connection. I was trying to put a timer in conn.bro under event new_connection and then calculate the RTT in event connection_established, but it does not work out. Can anybody point me in the right direction to look?
I will appreciate any help.
My colleagues and I examined characteristics like RTT back in 2005. Our scripts are available from:
Please note that these scripts will not run on current versions of Bro, but you should be able to estimate RTT in a similar manner. (The particular issues I can think of are: these scripts were developed on an earlier version of Bro that used ALERT to generate messages, while current versions of Bro use NOTICE; and you may need to explicitly set "redef use_compression_compressor=F;".) The README file at the above location contains references to the papers that we wrote that used the data collected with these scripts. You may find those useful as well.
Gurvinder Singh Dahiya wrote:
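
An added example, not part of either message and not the scripts referenced in the reply: one way to timestamp the handshake with the two events named in the question, written for the current Bro/Zeek scripting language. The `HandshakeTimes` record and `handshakes` table are hypothetical names, and `connection_first_ACK` is assumed to be available in the version in use.

```zeek
# Added example. All times are taken at the sensor, so each half measures
# only the path between the sensor and one endpoint.

type HandshakeTimes: record {
    syn:    time;            # first packet of the connection (originator SYN)
    synack: time &optional;  # responder SYN-ACK, set in connection_established
};

# Hypothetical state table. Entries expire so scans, half-open connections
# and flows picked up mid-stream (no handshake seen) do not accumulate.
global handshakes: table[conn_id] of HandshakeTimes &create_expire = 1 min;

event new_connection(c: connection)
    {
    # new_connection fires for every new flow; keep TCP only.
    if ( get_port_transport_proto(c$id$resp_p) != tcp )
        return;
    # Only the first SYN is recorded, so a retransmitted SYN inflates resp_half.
    handshakes[c$id] = [$syn = network_time()];
    }

event connection_established(c: connection)
    {
    if ( c$id !in handshakes )
        return;
    handshakes[c$id]$synack = network_time();
    }

event connection_first_ACK(c: connection)
    {
    if ( c$id !in handshakes )
        return;
    local h = handshakes[c$id];
    if ( h?$synack )
        {
        local resp_half = h$synack - h$syn;           # sensor <-> responder
        local orig_half = network_time() - h$synack;  # sensor <-> originator
        print fmt("%s:%s -> %s:%s resp_half=%s orig_half=%s rtt=%s",
                  c$id$orig_h, c$id$orig_p, c$id$resp_h, c$id$resp_p,
                  resp_half, orig_half, resp_half + orig_half);
        }
    delete handshakes[c$id];
    }
```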