[Bro] problem with TCP partial connection
Bindiya V S
bindiyavs at tataelxsi.co.in
Tue Feb 27 02:55:44 PST 2007
I was trying to use the FTP analyzer in Bro 1.2 to analyze
FTP packets. We were trying to do some tcpreplays with some
captured pcaps. We have some FTP pcaps that do not have any
TCP handshake packets. On replaying these packets, it is
observed that the signature matching for TCP is not getting
invoked (i.e. signatures with ip-proto == tcp).
It looks like the rulematcher of TCP is not getting called. Is
there any way we can invoke the TCP rulematcher for a set of TCP
application packets which don't have any handshake packets?