[Bro] is_tcp_port

Mike Muratet mike.muratet at torchtechnologies.com
Wed Aug 3 12:34:30 PDT 2005


Hello Again

I was trying to figure out the tcp/udp flag in conn.bro:record_connection 
from is_tcp_port and I got as far as bro.bif before I got lost. I was 
looking at the iana.org site and it looks like it's a pretty degenerate 
test, i.e., all the ports can be either. How does bro determine tcp vs udp?

thanks

Mike 




More information about the Bro mailing list