[Bro] First orig_h packet after 3 way handshake
johanna at icir.org
Wed Jul 13 17:17:08 PDT 2016
Out of curiosity - what are you trying to do?
(I am always curious what people try to get from the SSL handshake that
we do not parse out yet...)
On 13 Jul 2016, at 16:04, Ben Mixon-Baca wrote:
> Unfortunately for what I am doing, I cannot.
> On 07/13/2016 03:58 PM, Azoff, Justin S wrote:
>>> On Jul 13, 2016, at 6:36 PM, Ben Mixon-Baca <bmixonb1 at cs.unm.edu>
>>> Does Bro have an event that will get fired for the first packet
>>> the tcp 3-way handshake, or is there a way to get at that easily or
>>> it require a lot of state to be maintained in the script?
>>> I am trying to get at this first packet following the 3 way
>>> because that is where the client hello in the ssl handshake should
>> Can you use the ssl_client_hello event?
>> event ssl_client_hello(c: connection, version: count, possible_ts:
>> time, client_random: string, session_id: string, ciphers: index_vec)
> Bro mailing list
> bro at bro-ids.org
More information about the Bro