[Bro-Dev] Tunnels

Seth Hall seth at icir.org
Fri Jul 29 10:20:43 PDT 2011

On Jul 29, 2011, at 1:13 PM, Vern Paxson wrote:

> I'm not following this.  Seems we'd instead want (1) a one-time event
> that identifies the presence of a tunnel, (2) regular processing (via
> an analyzer chain) of the traffic inside the tunnel, and (3) a way to
> tell that a give connection record (or other network event) ultimately
> stems from tunneled traffic.

Yep, your way's much simpler. :)


Seth Hall
International Computer Science Institute
(Bro) because everyone has a network

More information about the bro-dev mailing list