[Bro] First orig_h packet after 3 way handshake
bmixonb1 at cs.unm.edu
Wed Jul 13 15:36:16 PDT 2016
Does Bro have an event that will get fired for the first packet after
the tcp 3-way handshake, or is there a way to get at that easily or does
it require a lot of state to be maintained in the script?
I am trying to get at this first packet following the 3 way handshake
because that is where the client hello in the ssl handshake should be.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 490 bytes
Desc: OpenPGP digital signature
Url : http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20160713/f6035abc/attachment.bin
More information about the Bro