Skip to content
/ tcprs Public
forked from jswaro/tcprs

TCP Retransmission and State Analyzer plugin for the Bro-IDS framework

License

View license
0 stars 5 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

dnj12345/tcprs

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

4 Commits

scripts

scripts

 
 

src

src

 
 

tests

tests

 
 

CHANGES

CHANGES

 
 

CMakeLists.txt

CMakeLists.txt

 
 

COPYING

COPYING

 
 

Makefile

Makefile

 
 

README

README

 
 

VERSION

VERSION

 
 

bro-pkg.meta

bro-pkg.meta

 
 

configure

configure

 
 

configure.plugin

configure.plugin

 
 

Repository files navigation

Extended TCP Analysis
=====================

TCPRS is a TCP traffic analyzer that specializes in the detection
and classification of retransmission and network reordering events.

The following forms of events are available in the TCPRS analyzer:

    - Dead connection detection
    - TCP option detection
    - Retransmission detection and classification
    - Limited Transmit and Fast Recovery detection
    - Network reordering detection and classification
    - RTT and initial RTO measurements

To activate all of the new functionality, load ``jswaro/TCPRS``. To use
the analyzer without the use of any of the provided scripts, you can
enable it inside a ``bro_init`` handler::

    event bro_init()
	    {
        TCPRS::EnableTCPRSAnalyzer();
        }

Included with the analyzer is a collection of 103 test cases that
are used for iterative design and refinement of the analyzer. Each
test case is used to verify a specific function of the analyzer or
general classification of events.

About

TCP Retransmission and State Analyzer plugin for the Bro-IDS framework

Resources

Readme

License

View license
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

2 tags

Packages

No packages published

Languages

  • C++ 70.8%
  • Zeek 27.2%
  • Other 2.0%