[Bro] http analyzer and de-obfuscating the payload

Vern Paxson vern at icir.org
Wed Oct 13 12:59:50 PDT 2010


> > 3. Along the same lines as #2, is the assembled stream available for
> > connections that are not http?
> 
> It depends on the protocol and the analyzer.

Note, there are also generic tcp_contents() and udp_contents() events.
They likewise return the stream piecemeal.

		Vern


