[Bro-Dev] #857: Change capture port in HTTP analyzer from 3138/tcp instead of 3128/tcp
Bro Tracker
bro at tracker.bro-ids.org
Thu Jul 19 10:59:48 PDT 2012
#857: Change capture port in HTTP analyzer from 3138/tcp instead of 3128/tcp
------------------------+---------------------
 Reporter:  aashish     |       Type:  Problem
   Status:  new         |   Priority:  High
Milestone:              |  Component:  Bro
  Version:  git/master  |   Keywords:
------------------------+---------------------

Port definitions in main.bro in ../share/bro/base/protocols/http/main.bro
have 3138/tcp defined in the structures "ports", "likely_server_ports" and
"capture_filters".

This should be 3128/tcp to capture traffic for the Squid proxy.

Config below:

    # DPD configuration.
    const ports = {
        80/tcp, 81/tcp, 631/tcp, 1080/tcp, 3138/tcp,
        8000/tcp, 8080/tcp, 8888/tcp,
    };

    redef dpd_config += {
        [[ANALYZER_HTTP, ANALYZER_HTTP_BINPAC]] = [$ports = ports],
    };

    redef capture_filters += {
        ["http"] = "tcp and port (80 or 81 or 631 or 1080 or 3138 or 8000 or 8080 or 8888)"
    };

    redef likely_server_ports += {
        80/tcp, 81/tcp, 631/tcp, 1080/tcp, 3138/tcp,
        8000/tcp, 8080/tcp, 8888/tcp,
    };

--
Ticket URL: <http://tracker.bro-ids.org/bro/ticket/857>
Bro Tracker <http://tracker.bro-ids.org/bro>
Bro Issue Tracker
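
Added example, not part of the original ticket or the Bro code base: a small Python check that extracts the TCP ports from the three structures named in the ticket and reports any structure missing a required port (3128/tcp for Squid, as the ticket states) or disagreeing with the others. The names MAIN_BRO, port_sets and audit are hypothetical, and the script text is a constructed sample based on the excerpt quoted above.

```python
import re

# Constructed sample: the excerpt quoted in the ticket (dpd_config omitted).
MAIN_BRO = '''
const ports = {
    80/tcp, 81/tcp, 631/tcp, 1080/tcp, 3138/tcp,
    8000/tcp, 8080/tcp, 8888/tcp,
};
redef capture_filters += {
    ["http"] = "tcp and port (80 or 81 or 631 or 1080 or 3138 or 8000 or 8080 or 8888)"
};
redef likely_server_ports += {
    80/tcp, 81/tcp, 631/tcp, 1080/tcp, 3138/tcp,
    8000/tcp, 8080/tcp, 8888/tcp,
};
'''

def port_sets(script):
    """Return {structure name: set of TCP ports} for the three structures."""
    out = {}
    for name in ("ports", "likely_server_ports"):
        m = re.search(r"\b(?:const|redef)\s+" + name + r"\s*\+?=\s*\{(.*?)\}",
                      script, re.S)
        out[name] = {int(p) for p in re.findall(r"(\d+)/tcp", m.group(1))} if m else set()
    # The capture filter is a BPF string, so its ports are bare numbers.
    m = re.search(r'redef\s+capture_filters\s*\+=\s*\{.*?"tcp and port \((.*?)\)"',
                  script, re.S)
    out["capture_filters"] = {int(p) for p in re.findall(r"\d+", m.group(1))} if m else set()
    return out

def audit(script, required=frozenset({3128})):
    """Return (missing, drift): required ports absent from each structure,
    and ports that are not shared by all three structures."""
    sets = port_sets(script)
    missing = {n: sorted(required - s) for n, s in sets.items() if required - s}
    common = set.intersection(*sets.values())
    drift = {n: sorted(s - common) for n, s in sets.items() if s - common}
    return missing, drift

if __name__ == "__main__":
    missing, drift = audit(MAIN_BRO)
    print("missing required ports:", missing)
    print("ports not in every structure:", drift)
```

The drift check alone would not flag the reported state, since all three structures carry the same value; the required-port check is what catches it.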