[Bro] Dump reassembled packets
netanelmaman0 at gmail.com
Sun Feb 16 08:43:12 PST 2014
First, sorry about my english.
Im try to dump reassembled http request with "set_record_packets" when i
see intresting thing in my bro rules.
The problem is that this option dump only the *last* truncated packet and
the rest of connection.
Can i get previous truncated packets of known connection?
I tried a few hours but don't understand how to.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Bro