[Bro-Dev] [JIRA] (BIT-1444) Connection logging for ESP

Jimmy Jones (JIRA) jira at bro-tracker.atlassian.net
Sat Sep 5 06:37:00 PDT 2015


    [ https://bro-tracker.atlassian.net/browse/BIT-1444?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=21968#comment-21968 ] 

Jimmy Jones commented on BIT-1444:
----------------------------------

Thanks Seth. Wireshark sample captures wiki has a few - https://wiki.wireshark.org/SampleCaptures#IPsec_-_ESP_Payload_Decryption_and_Authentication_Checking_Examples

> Connection logging for ESP
> --------------------------
>
>                 Key: BIT-1444
>                 URL: https://bro-tracker.atlassian.net/browse/BIT-1444
>             Project: Bro Issue Tracker
>          Issue Type: New Feature
>          Components: Bro
>            Reporter: Jimmy Jones
>            Assignee: Vlad Grigorescu
>            Priority: Low
>
> I'd like to be able to track ESP (IPSec) connections in conn.log. Although ESP is encrypted, the ability to track volumes, pattern of life, etc. would be beneficial when doing intrusion analysis.


