about packet's load

Wang Shaofu wsffree at hotmail.com
Tue Dec 24 05:07:45 PST 2002


Two hour to the great moment!
Best wish!

>Ah - the term you're looking for is "payload".  You can get this using
>the "packet_contents" event handler, or using the new signature engine
>(for which Robin Sommer has contributed a new chapter for the Bro
>manual, which will be included in the next development release).


void FragReassembler::AddFragment(const struct ip* ip, const u_char* pkt,
				uint32 frag_field)
	{
          ......
	// Remove header.
	pkt += hdr_len;
	len -= hdr_len;
	
        +	printf("%s,/n",(char *) pkt);//change
	
	NewBlock(network_time, offset, len, pkt);
	}
I make the aboving change to print the payload of telnet , but it does not 
work!

Ciao
Cloud



_________________________________________________________________
与联机的朋友进行交流,请使用 MSN Messenger: http://messenger.msn.com/cn 




More information about the Bro mailing list