[Bro] Dealing with tcp-based Unknown Protocols

Jan Grashöfer jan.grashoefer at gmail.com
Mon Dec 11 09:24:43 PST 2017


On 11/12/17 07:45, Shuai Hao wrote:
> I wonder whether anyone has experience tackling the "unknown protocol"
> when DPD cannot recognize the protocol and/or all existing analyzers fail.

Maybe the "Analyzers of Last Resort" Leo and Aaron talked about in their 
BroCon'17 Lightning-Talks is what you are looking for:
https://www.bro.org/brocon2017/slides/2017_lightning_talk.pdf

Jan

