[Bro] TCP options of a SYN packet
jan.grashofer at cern.ch
Thu Nov 26 03:16:02 PST 2015
there is the tcp_option event, that might help you (see https://www.bro.org/sphinx/scripts/base/bif/plugins/Bro_TCP.events.bif.bro.html#id-tcp_option). If that does not fit for you, you might have a look into the TCPRS-plugin (https://github.com/bro/bro-plugins/tree/master/tcprs/scripts/Bro/TCPRS). I have never used it but I think it also parses some TCP options and thus might be a good starting point.
From: bro-bounces at bro.org [bro-bounces at bro.org] on behalf of Thomas Tan [thomastan81 at gmail.com]
Sent: Thursday, November 26, 2015 10:18
To: bro at bro.org
Subject: [Bro] TCP options of a SYN packet
Just wondering if anyone knows a way (an event) to obtain TCP options of a SYN packet?
Your help will be very much appreciated.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Bro