tcprs

https://github.com/jswaro/tcprs
2 2 5 2 Last Push 2/19/20, 6:57 PM

Extended TCP Analysis

TCPRS is a TCP traffic analyzer that specializes in the detection and classification of retransmission and network reordering events.

The following forms of events are available in the TCPRS analyzer:

- Dead connection detection
- TCP option detection
- Retransmission detection and classification
- Limited Transmit and Fast Recovery detection
- Network reordering detection and classification
- RTT and initial RTO measurements

To activate all of the new functionality, load `jswaro/TCPRS. To use the analyzer without the use of any of the provided scripts, you can enable it inside a bro_init` handler::

event bro_init()
    {
    TCPRS::EnableTCPRSAnalyzer();
    }

Included with the analyzer is a collection of 103 test cases that are used for iterative design and refinement of the analyzer. Each test case is used to verify a specific function of the analyzer or general classification of events.

Package Version :

Description :

TCP Retransmission and State Analyzer plugin for Bro.

Plugin Dir :

build

Build Command :

( ./configure --bro-dist=%(bro_dist)s && make )

Tags :

retransmission, connection state, bro plugin, TCP

Description :

TCP Retransmission and State Analyzer plugin for Bro.

Script Dir :

scripts

Plugin Dir :

build

Build Command :

( ./configure --bro-dist=%(bro_dist)s && make )

Test Command :

cd tests btest -d tcprs

Tags :

retransmission, connection state, input reader, bro plugin, conn, protocol analyzer, TCP