[Bro-Dev] Tunnels
Seth Hall
seth at icir.org
Fri Jul 29 10:20:43 PDT 2011
On Jul 29, 2011, at 1:13 PM, Vern Paxson wrote:
> I'm not following this. Seems we'd instead want (1) a one-time event
> that identifies the presence of a tunnel, (2) regular processing (via
> an analyzer chain) of the traffic inside the tunnel, and (3) a way to
> tell that a give connection record (or other network event) ultimately
> stems from tunneled traffic.
Yep, your way's much simpler. :)
.Seth
--
Seth Hall
International Computer Science Institute
(Bro) because everyone has a network
http://www.bro-ids.org/
More information about the bro-dev
mailing list