[Bro] how can I get the hostname in a SSL connection?
jes.smith.bro at aol.com
Tue Jan 28 08:53:14 PST 2014
yes, i'm working on trace files, so, there's noy way to wait the DNS reply? in that case I cannot check the validity of CN/SAN field, right?
From: Seth Hall <seth at icir.org>
To: Jessica Smith <jes.smith.bro at aol.com>
Cc: bro <bro at bro.org>
Sent: Tue, Jan 28, 2014 3:10 pm
Subject: Re: [Bro] how can I get the hostname in a SSL connection?
Are you running this on live traffic or on a trace file? If you are running on
a tracefile, it could be that Bro is terminating before the DNS reply has a
chance to get back into Bro and run that code. When statements work like
closures so they aren't executed immediately. You can think of it like the body
of the when statement is stored in the background until the condition for the
when statement becomes true or completes, it's only then that the body is
Also, you may want to print something just before the when statement just to
make sure your code is actually making it to the when statement.
International Computer Science Institute
(Bro) because everyone has a network
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Bro