[Bro-Dev] #788: Good analysis of unidirectional DNS flows
Bro Tracker
bro at tracker.bro-ids.org
Fri Feb 24 02:26:28 PST 2012
#788: Good analysis of unidirectional DNS flows
---------------------------+--------------------
Reporter: JulienSentier | Type: Patch
Status: new | Priority: Normal
Milestone: | Component: Bro
Version: git/master | Keywords:
---------------------------+--------------------
Some use port udp 53 as a source port for dns requests.
And sometimes, we can miss the DNS request.
In this case, we can rely on the DNS field QR to identify the direction of
the flow.
--
Ticket URL: <http://tracker.bro-ids.org/bro/ticket/788>
Bro Tracker <http://tracker.bro-ids.org/bro>
Bro Issue Tracker
More information about the bro-dev
mailing list