Hello,
Is the timer implementation in Bro based on the packet timestamps?
I am trying to understand how Bro keeps separate timers for, say,
1000 simultaneous TCP sessions, for example. Any clarification is appreciated.
Thanks for any info!
Yes, right. (That's generally true for Bro's notion of time; the
"network time" is advanced as packets are processed).
Robin
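
The following sketch is an added illustration of the reply's point, not Bro's source code and not part of the original thread: a timer manager whose clock moves only when a packet timestamp is fed in. It assumes a single min-heap of per-connection timers; the class and function names are hypothetical.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <functional>
#include <queue>
#include <vector>

// Hypothetical names throughout; an illustration, not Bro's implementation.
struct Timer {
    double expire_at;       // absolute network time (seconds) at which to fire
    std::uint64_t conn_id;  // session this timer belongs to
    bool operator>(const Timer& o) const { return expire_at > o.expire_at; }
};

class PacketClockTimerMgr {
public:
    // Schedule a timeout `delay` seconds after the current network time.
    void Add(std::uint64_t conn_id, double delay) {
        heap_.push(Timer{network_time_ + delay, conn_id});
    }
    // Called once per packet: move the clock to the packet's timestamp and
    // fire every timer that is now due. Returns the expired connection ids.
    std::vector<std::uint64_t> Advance(double pkt_ts) {
        if (pkt_ts > network_time_) network_time_ = pkt_ts;  // assumption: clock never runs backwards
        std::vector<std::uint64_t> expired;
        while (!heap_.empty() && heap_.top().expire_at <= network_time_) {
            expired.push_back(heap_.top().conn_id);
            heap_.pop();
        }
        return expired;
    }
private:
    double network_time_ = 0.0;
    std::priority_queue<Timer, std::vector<Timer>, std::greater<Timer>> heap_;
};

// Constructed scenario: 1000 sessions seen at t=100 s, timeouts staggered from
// 5.000 s to 5.999 s. Nothing expires until a later packet advances the clock.
std::size_t ExpiredAfter(double next_pkt_ts) {
    PacketClockTimerMgr mgr;
    mgr.Advance(100.0);
    for (std::uint64_t id = 0; id < 1000; ++id) mgr.Add(id, 5.0 + id * 0.001);
    return mgr.Advance(next_pkt_ts).size();
}

int main() {
    std::printf("%zu %zu\n", ExpiredAfter(104.0), ExpiredAfter(106.0));
}
```

With a packet-driven clock, a quiet link or a paused trace means pending timeouts do not fire, regardless of how much wall-clock time passes.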