Skip to content

jsiwek/tcprs

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

5 Commits
scripts
scripts
 
 
src
src
 
 
tests
tests
 
 
CHANGES
CHANGES
 
 
CMakeLists.txt
CMakeLists.txt
 
 
COPYING
COPYING
 
 
Makefile
Makefile
 
 
README
README
 
 
VERSION
VERSION
 
 
bro-pkg.meta
bro-pkg.meta
 
 
configure
configure
 
 
configure.plugin
configure.plugin
 
 

Repository files navigation

Extended TCP Analysis
=====================

TCPRS is a TCP traffic analyzer that specializes in the detection
and classification of retransmission and network reordering events.

The following forms of events are available in the TCPRS analyzer:

    - Dead connection detection
    - TCP option detection
    - Retransmission detection and classification
    - Limited Transmit and Fast Recovery detection
    - Network reordering detection and classification
    - RTT and initial RTO measurements

To activate all of the new functionality, load ``jswaro/TCPRS``. To use
the analyzer without the use of any of the provided scripts, you can
enable it inside a ``bro_init`` handler::

    event bro_init()
	    {
        TCPRS::EnableTCPRSAnalyzer();
        }

Included with the analyzer is a collection of 103 test cases that
are used for iterative design and refinement of the analyzer. Each
test case is used to verify a specific function of the analyzer or
general classification of events.

About

TCP Retransmission and State Analyzer plugin for the Bro-IDS framework

Resources

Readme

License

View license
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

2 tags

Packages

No packages published

Languages

  • C++ 70.8%
  • Zeek 27.2%
  • Other 2.0%