[Bro] add TTL to conn.log
seth at icir.org
Mon Jun 3 06:00:58 PDT 2013
On Jun 3, 2013, at 5:39 AM, 김희철 <hckim at narusec.com> wrote:
> I am trying to add TTL field to conn.log
> but can not seem to get TTL
TTL is given per-packet, but the conn logs represent an entire connection. What are you looking to get?
> there is TTL in the base/event.bif I can not get it to work.
I have no clue what you're talking about here.
International Computer Science Institute
(Bro) because everyone has a network
More information about the Bro