[Bro] A little more confusion with Intel

Azoff, Justin S jazoff at illinois.edu
Thu Jan 18 10:13:11 PST 2018

> On Jan 18, 2018, at 1:06 PM, James Lay <jlay at slave-tothe-box.net> wrote:
> Here too, is there something I'm missing?  In testing a different packet capture using TCP, I get intel...so does the Intel framework not support UDP?  Thank you.
> James

The Intel framework doesn't know anything about TCP or UDP.  The default scripts for connections only alert on TCP connections though:


Justin Azoff
