[Bro] Questions abot new_packet

mwsong mwsong at imtl.skku.ac.kr
Tue Feb 10 21:23:32 PST 2015


Hi
i have questions about new_packet event

1) how can I get all the packet payload bro sees? 
- My result
  - new_packet give only packet header. 
  - packet_contents give transport layer payload
  - Both packets are not matched
  - tcp_packets does not return about http (i guess it divided)

- So i want to know
  - How can I get full header and body of packets?
  - Is there any way to packet mirror?



More information about the Bro mailing list