Getting matched substrings ???

Robin Sommer sommer at in.tum.de
Tue Apr 6 09:02:50 PDT 2004


On Tue, Apr 06, 2004 at 16:38 +0200, Yohann Thomas wrote:

> text...". I thought I could get the matched substring by the signatures, 
> but unfortunately I can't get out of it...

event signature_match(state: signature_state, msg: string, data: string)

The 'data' parameter of the signature_match event contains the
payload that led to the match. (More precisely, it contains the
last chunk of payload that eventually triggered the match; for TCP,
it depends on the reassembly what exactly is passed).

Is this what you're looking for?

Robin

-- 
Robin Sommer * Room        01.08.055 * www.net.in.tum.de
TU Munich    * Phone (089) 289-18006 *  sommer at in.tum.de 