Skip to content
master
Go to file
Code

Latest commit

 

Git stats

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
 
 
src
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

README

Extended TCP Analysis
=====================

TCPRS is a TCP traffic analyzer that specializes in the detection
and classification of retransmission and network reordering events.

The following forms of events are available in the TCPRS analyzer:

    - Dead connection detection
    - TCP option detection
    - Retransmission detection and classification
    - Limited Transmit and Fast Recovery detection
    - Network reordering detection and classification
    - RTT and initial RTO measurements

To activate all of the new functionality, load ``jswaro/TCPRS``. To use
the analyzer without the use of any of the provided scripts, you can
enable it inside a ``bro_init`` handler::

    event bro_init()
	    {
        TCPRS::EnableTCPRSAnalyzer();
        }

Included with the analyzer is a collection of 103 test cases that
are used for iterative design and refinement of the analyzer. Each
test case is used to verify a specific function of the analyzer or
general classification of events.

About

TCP Retransmission and State Analyzer plugin for the Bro-IDS framework

Resources

License

Languages

You can’t perform that action at this time.