[Bro] three things
Robin Sommer
robin at icir.org
Thu Feb 1 19:10:08 PST 2007
On Wed, Jan 31, 2007 at 18:01 -0600, Mike Dopheide wrote:
> Trace attached. You'll need to run bro with -C to ignore checksum errors.
Works for me:
\xab\xf2^A\0\0^A\0\0\0\0\0\0^P_kerberos-master^D_udp^DNCSA^CEDU\0\0!\0^A
T
With this script again:
redef udp_content_deliver_all_orig = T;
event udp_contents(u: connection, is_orig: bool, contents: string)
{
print contents;
print /NCSA/ in contents;
}
So, how does your script look like?
Robin
--
Robin Sommer * Phone +1 (510) 931-5555 * robin at icir.org
LBNL/ICSI * Fax +1 (510) 666-2956 * www.icir.org
More information about the Bro
mailing list