TCP Retransmission and State Analyzer plugin for the Bro-IDS framework
C++ Bro Other
Switch branches/tags
Nothing to show
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Failed to load latest commit information.
scripts
src
tests
CHANGES
CMakeLists.txt
COPYING
Makefile
README
VERSION
bro-pkg.meta
configure
configure.plugin

README

Extended TCP Analysis
=====================

TCPRS is a TCP traffic analyzer that specializes in the detection
and classification of retransmission and network reordering events.

The following forms of events are available in the TCPRS analyzer:

    - Dead connection detection
    - TCP option detection
    - Retransmission detection and classification
    - Limited Transmit and Fast Recovery detection
    - Network reordering detection and classification
    - RTT and initial RTO measurements

To activate all of the new functionality, load ``jswaro/TCPRS``. To use
the analyzer without the use of any of the provided scripts, you can
enable it inside a ``bro_init`` handler::

    event bro_init()
	    {
        TCPRS::EnableTCPRSAnalyzer();
        }

Included with the analyzer is a collection of 103 test cases that
are used for iterative design and refinement of the analyzer. Each
test case is used to verify a specific function of the analyzer or
general classification of events.