[Bro] type conversion
bchen at cs.ucf.edu
bchen at cs.ucf.edu
Wed May 4 17:54:11 PDT 2005
I got it. thanks.
Bing
Quoting Vern Paxson <vern at icir.org>:
>> Hi Vern,
>> I am monitoring the pm_getport event. If a suspicious remote host sends a
>> reqest to the monitored server and successfully get the port # of a specific
>> rpc service, I would like to track all incoming traffic to this
>> service. I need
>> the port # of the service for this purpose.
>
> The way to get it is to define your own pm_request_getport event handler
> (you can do this in addition to the normal one). See portmapper.bro
> for how the default one works, from which you should be able to derive
> an additional handler to do what you want.
>
> Vern
>
More information about the Bro
mailing list