TracNav menu
-
How To
- Setup An Experiment
-
GUI
- Overview
- Options
- Controls
- Topology
-
Agents and Variables
- Overview
- Functions
- Scripting
- Topology
- Traffic
- Attacks
- Analysis
-
Development/Extending
- Overview
- Adding GUI Panels
- Adding Agent Types
FloodWatch
The FloodWatch agent responds to object type 'FLOODWATCH'.
- NODES
- controls which nodes will take part in this detector group
- MODE
- what mode to run in, TRAIN for training only, DETECT for detect only, RESPOND for detect and repsond
- CHISQIPLEN
- boolean to determine use of the IP length detector with the chisq statistic
- CHISQSRCADDR
- boolean to determine use of the srcaddr detector with the chisq statistic
- CHISQSRCPORT
- boolean to determine use of the srcport length detector with the chisq statistic
- CHISQDSTADDR
- boolean to determine use of the dstaddr length detector with the chisq statistic
- CHISQDSTPORT
- boolean to determine use of the dstport length detector with the chisq statistic
- ENTORPYIPLEN
- boolean to determine use of the IP length detector with the entropy statistic
- ENTORPYSRCADDR
- boolean to determine use of the srcaddr detector with the entropy statistic
- ENTORPYSRCPORT
- boolean to determine use of the srcport length detector with the entropy statistic
- ENTORPYDSTADDR
- boolean to determine use of the dstaddr length detector with the entropy statistic
- ENTORPYDSTPORT
- boolean to determine use of the dstport length detector with the entropy statistic
