[Bro] (no subject)
Robin Sommer
robin at icir.org
Sun Sep 18 21:05:42 PDT 2011
On Sat, Sep 17, 2011 at 11:37 -0700, you wrote:
> I would like to know if the matching of the payload as a condition is done
> against all the session data or more like per packet matching.
For TCP it's all session data. Also see:
http://www.bro-ids.org/documentation/signatures.html
Robin
--
Robin Sommer * Phone +1 (510) 722-6541 * robin at icir.org
ICSI/LBNL * Fax +1 (510) 666-2956 * www.icir.org
More information about the Bro
mailing list