> is there a way to calculate a service
> time for a packet?

What would this mean? Most services are TCP-based, in which case it may
take multiple packets to even express a request / response.

(That said, Bro does have a framework for packet-level analysis, but
it's not part of the documented feature set. I can give you some
source-code pointers if you want.)

> I have the Paxson
> and Floyd paper 'Wide Area Traffic....' but I haven't found any bits about
> service time. (Vern, are you out there?)

Evidently so!

Vern