[Bro] howto: getting the port number only

Jake Mailinglists jbabbinlists at gmail.com
Tue Sep 18 10:49:21 PDT 2007

you should be able to split the string into an array and use the part you
want only.

local dst_port_proto = c$id$resp_p;
local port_pair = split(dst_port_proto, /\//);
# taking the connection destination port/proto pairing and spliting it into
an array with the split occuring on the "/"
local port_num = port_pair[1];
local port_proto = port_pair[2];


On 9/18/07, mel at hackinthebox.org <mel at hackinthebox.org> wrote:
> Hi all,
> I have: global destinations: set[addr,port];
> The port data type will store port information in the following format:
> 443/tcp, 22/tcp, 53/udp, etc.
> However, I'm only interested in the port number, not the protocol. How do
> I get the port number only?
> --mel
> _______________________________________________
> Bro mailing list
> bro at bro-ids.org
> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20070918/f4100327/attachment.html 

More information about the Bro mailing list