[Bro] Bro DPD (Beginner)

Seth Hall seth at icir.org
Fri Apr 13 09:05:00 PDT 2012


On Apr 13, 2012, at 11:48 AM, zubair rafique wrote:

> Thanks for the quick reply. One more question. How to detect/extract HTTP request in TCP payload (where TCP connection is established on the non-standard port).

We've been having some trouble with content extraction, but if you want to try it…

bro -r mytrace.pcap "HTTP::extract_file_types=/.*/"

This mechanism is being heavily reworked for 2.1 right now too so that all file handling will be done through the new file analysis framework.  More information and docs will come with the 2.1 release.

  .Seth

--
Seth Hall
International Computer Science Institute
(Bro) because everyone has a network
http://www.bro-ids.org/
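As an added illustration of the point raised in the question (not code from the original thread): Bro's dynamic protocol detection (DPD) runs the HTTP analyzer on a TCP connection based on the payload, not the port, so the ordinary `http_request` event fires for HTTP on a non-standard port as well. The script below prints those requests and, using the `HTTP::extract_file_types` option quoted in the reply above, turns on the 2.0-era file extraction from the script side. The module name, the `standard_http_ports` set and the report format are assumptions made for this example.

```zeek
# Added example, not from the original post.
# Reports HTTP requests that Bro's DPD identified on ports other than
# the ones listed in standard_http_ports. Because the HTTP analyzer is
# attached by payload inspection, http_request fires regardless of port.

module NonStdHTTP;

export {
    ## Ports where HTTP is expected; anything else gets reported.
    ## (Assumed set for this example; adjust to local policy.)
    const standard_http_ports: set[port] = { 80/tcp, 8080/tcp } &redef;
}

# Script-side equivalent of the command-line option quoted in the reply:
#   bro -r mytrace.pcap "HTTP::extract_file_types=/.*/"
# This is the Bro 2.0 mechanism; the reply notes it is being reworked for 2.1.
redef HTTP::extract_file_types = /.*/;

event http_request(c: connection, method: string, original_URI: string,
                   unescaped_URI: string, version: string)
{
    # c$id$resp_p is the server-side port of the connection.
    if ( c$id$resp_p !in standard_http_ports )
        print fmt("HTTP %s %s on non-standard port %s (%s -> %s)",
                  method, original_URI, c$id$resp_p,
                  c$id$orig_h, c$id$resp_h);
}
```

Run it against a capture with `bro -r mytrace.pcap nonstd-http.bro` (file name assumed). Since DPD does the port-independent identification, the script only has to decide which ports it considers normal; everything else is a defender's review list.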