[Bro] udp event handlers not catching events

Hui Lin (Hugo) hlin33 at illinois.edu
Wed Dec 9 21:31:40 PST 2015


I am analyzing a pcap which contains some UDP packets. I have redefined
both "udp_content_deliver_all_orig" and "udp_content_deliver_all_resp" as
true, but no events are caught by "udp_request", "upd_reply", and
"udp_contents". However, I can use "packets_content" and "is_udp_port" to
catch the udp communications.

Can these udp event handlers still be used?

Thanks and best,

Hui Lin

Hui Lin
PhD Candidate, Research Assistant
Electrical and Computer Engineering Department
University of Illinois at Urbana-Champaign
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20151209/f8d37d8d/attachment.html 

More information about the Bro mailing list