[Bro] How does Bro capture the traffic of the FTP data connection?
熊永平
john8xyp at yahoo.com.cn
Wed Mar 14 21:01:44 PDT 2007
If I only load the ftp analyzer-ftp.bro, the following line

redef capture_filters += { ["ftp"] = "port ftp" };

will guide Bro to capture the traffic from and to port 21. The event
handlers of ftp_request and ftp_reply don't include statements to capture
the port traffic after finding the command "port" or "pasv"; they just add an
entry in the session table. But if libpcap can't capture the corresponding
packets, the added entry doesn't work!
So how does it dynamically add the filter string to capture the
temporary traffic?
Can anyone help me? 3x