[Bro] Fragmentation and TCP overlapping Issues

Veronica Estrada estrada.veronica at gmail.com
Wed Dec 8 22:03:21 PST 2010


And now it works! :)

On Thu, Dec 9, 2010 at 2:06 PM, Vern Paxson <vern at icir.org> wrote:

> > All fragment events are handled by flow weird. When is the flow
> > weird handler invoked?
>
> It's only used for packets that are so broken that Bro can't reliably
> associate them with a connection.
>
> > How can I redef these variables? I tried to redef these variables in
> > my start policy but all I get are errors ((port and 21): error,
>
> If you want TCP port 21 then you specify it as "21/tcp", not just "21".
>
>                Vern
>