[Bro] URG Flag

Ruoming Pang rpang at CS.Princeton.EDU
Wed Jan 12 10:50:05 PST 2005


One way is through event tcp_packet:

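event tcp_packet(c: connection, is_orig: bool, flags: string, seq: count, ack: count, len: count, payload: string)
	{
	# flags has one character per TCP flag that is set; "U" is URG.
	# strstr() returns the position of the match, or 0 if there is none.
	if ( strstr(flags, "U") > 0 )
		{
		...
		}
	}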

But please note that it requires a per-TCP-packet event and thus only 
works for low volume traffic.

Ruoming

On Jan 12, 2005, at 12:19 PM, Hervé Brelivet wrote:

> Hello,
>
> I would like to know how I can retrieve the URG flag in the TCP segment or 
> count the number of TCP packets with a URG flag in a connection?
>
> thanks
> _______________________________________________
> Bro mailing list
> bro at bro-ids.org
> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
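
The counting half of the question, as an added example that is not part of the original thread: it tallies URG-flagged packets per connection and direction using the tcp_packet event from the reply, then prints the totals when the connection state is removed. The names urg_counts and urg_seen are hypothetical, and the same per-packet cost noted in the reply applies.

```bro
# Added example, not code from the thread. urg_counts and urg_seen are
# illustrative names chosen here.
type urg_counts: record {
	orig: count;	# URG packets sent by the connection originator
	resp: count;	# URG packets sent by the responder
};

# Per-connection tallies, keyed by the connection's 4-tuple.
global urg_seen: table[conn_id] of urg_counts;

event tcp_packet(c: connection, is_orig: bool, flags: string, seq: count,
		ack: count, len: count, payload: string)
	{
	# Skip packets without URG so the table only holds connections
	# that actually used the flag.
	if ( strstr(flags, "U") == 0 )
		return;

	if ( c$id !in urg_seen )
		urg_seen[c$id] = [$orig=0, $resp=0];

	if ( is_orig )
		++urg_seen[c$id]$orig;
	else
		++urg_seen[c$id]$resp;
	}

event connection_state_remove(c: connection)
	{
	if ( c$id !in urg_seen )
		return;

	local n = urg_seen[c$id];
	print fmt("%s:%s -> %s:%s URG packets: orig=%d resp=%d",
		c$id$orig_h, c$id$orig_p, c$id$resp_h, c$id$resp_p,
		n$orig, n$resp);

	# Drop the entry so the table does not grow without bound.
	delete urg_seen[c$id];
	}
```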




