[Bro] TCP Partial Connection

Jaya Dhanesh dhanesh at tataelxsi.co.in
Wed Nov 1 20:33:04 PST 2006


Hi All,

BRO calls the Protocol Analyzers (for applications using TCP) only after a
TCP three-way handshake has happened.
For example, the HTTP event handlers are called after the TCP handshake has
happened and BRO recognizes it as
HTTP traffic by looking at the destination port.

When I ran capture files with a few TCP (HTTP) packets, without the
handshake packets, the HTTP event handlers were not called in this case. I
suppose BRO will recognize it as a TCP packet and then do nothing with the
packet.

How does BRO handle these TCP packets without handshake packets?

Thanks in advance,
Dhanesh.







