Can I use Bro to do IP fragment/reassemble tasks?
Ashley Thomas
athomas at unity.ncsu.edu
Wed May 22 21:44:07 PDT 2002
Bro reassembles ip fragments (in view that it needs to do intrusion
detection..)
Make sure that in your mt.bro there is
@load frag.bro
Whether bro will suit your need is another qn..
bro reassembles the fragments and analyses the whole packet
to detect intrusions or network anomalies...
> Another question, if I have a large datagram from higher level (maybe
TCP),can I use Bro to fragment the large datagram into small IP packages?
Bro does'nt do that.
On Thu, 23 May 2002 maillist151 at sohu.com wrote:
> Hi, pals!
>
> I have got some some IP fragment packages of a large datagram.
> (more than 1500 bytes). Can I use Bro to reassemble the IP packages?
>
> Another question, if I have a large datagram from higher level (maybe TCP),
> can I use Bro to fragment the large datagram into small IP packages?
>
> Best regards,
> George Ma
>
More information about the Bro
mailing list