[Bro] Unknown protocol in Bro
Anton Korovin
korovin.anton at gmail.com
Thu Dec 20 09:07:08 PST 2007
Hi!
I used Bro version 1.1.0.
I wrote policy for dump data content, which is transferring on unknown
protocol.
And I modified method NewConn() in NetSessions class:
If port value isn't handled I create instance of UnknownConnection class,
which fair events for each request/reply of its connection. These events
are handled in policy script and write the content to HDD.
How can I do the same in new versions Bro?
Best regards,
Anton Korovin
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20071220/eee0fc84/attachment.html
More information about the Bro
mailing list