[Bro] Questions about new_packet
mwsong at imtl.skku.ac.kr
Tue Feb 10 21:23:32 PST 2015
I have questions about the new_packet event.
1) How can I get all the packet payload Bro sees?
- My result
  - new_packet gives only the packet header.
  - packet_contents gives the transport layer payload.
  - Both packets are not matched.
  - tcp_packets does not return about HTTP (I guess it is divided).
- So I want to know
  - How can I get the full header and body of packets?
  - Is there any way to mirror packets?