Extended TCP Analysis

TCPRS is a TCP traffic analyzer that specializes in the detection and classification of retransmission and network reordering events.

The following forms of events are available in the TCPRS analyzer:

- Dead connection detection
- TCP option detection
- Retransmission detection and classification
- Limited Transmit and Fast Recovery detection
- Network reordering detection and classification
- RTT and initial RTO measurements

To activate all of the new functionality, load jswaro/TCPRS. To use the analyzer without the use of any of the provided scripts, you can enable it inside a bro_init handler::

event bro_init()
    {
    TCPRS::EnableTCPRSAnalyzer();
    }

Included with the analyzer is a collection of 103 test cases that are used for iterative design and refinement of the analyzer. Each test case is used to verify a specific function of the analyzer or general classification of events.

tcprs

Extended TCP Analysis

Package Version :

Description :

Plugin Dir :

Build Command :

Tags :

Package Checks : ☑

Description :

Script Dir :

Plugin Dir :

Build Command :

Test Command :

Tags :

Package Checks : ☑