[Bro] scan.bro and missing log entries
seth at icir.org
Fri Dec 3 17:28:09 PST 2010
On Dec 3, 2010, at 7:21 PM, Robin Sommer wrote:
> No, the script doesn't provide that currently. The problem is that
> it would require quite a bit more state to keep. I know that it
> would be useful though, others have been running into similar
> problems already. Perhaps we should think about adding that.
Another option in this case is to improve the Skype analyzer so that Bro can recognize all Skype packets and not count them in scan detection.
More information about the Bro