[Bro] Application Layer Classification

Christian Novello christian.novello at gmail.com
Mon Jan 15 06:59:02 PST 2007


Dear all,

here at Turin Polytechnic (Italy) we're working with Bro 1.2.1 and we're
having some trouble in classifying packets that do not use a standard port.
Unfortunately, a large part of our traffic does not belong to standard ports
and therefore the validity of results we get from Bro are rather limited.

Is there any way to let Bro recognize any HTTP session (for example) even if
it does not have port 80 or 8080 or such? And... is it possible to
generalize this behavior on any protocol?

(Obviously, we can also modify the code; we should be extremely grateful if
we can provide us some hints, just to start).

Cheers,

    Christian
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20070115/a293909a/attachment.html 


More information about the Bro mailing list