[Bro] Fragmentation and TCP overlapping Issues
vern at icir.org
Wed Dec 8 21:06:43 PST 2010
> All fragment events are handle by flow weird. When is invoked flow
> weird handler?
It's only used for packets that are so broken that Bro can't reliably
associate them with a connection.
> How can I redef these variables? I tried to redef this variables on
> my start policy but all I get are errors ((port and 21): error,
If you want TCP port 21 then you specify it as "21/tcp", not just "21".
More information about the Bro