[Bro] Event for syn-ack packet
Sheharbano Khattak
sheharbano.k at gmail.com
Wed May 23 03:05:43 PDT 2012
Hi,
I want to identify hosts within our monitored network that reply to certain
external IP addresses. The reply could be as short as a syn-ack. The event
connection_established is too late as it doesn't matter whether the
connection was established. All that matters is whether any of our hosts
replied to the external IP even if that means a single syn-ack packet. Do
we have an event that could be used to capture this information?
Regards,
--
Sheharbano Khattak
http://etheryell.com
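Added example, not part of the original post and not Bro code: the packet-level check the question describes, written in Python over raw IPv4/TCP headers. The addresses, the `LOCAL_NETS` and `WATCHED` values, the sample packets and all function names are constructed for illustration.

```python
import ipaddress
import struct

SYN, ACK = 0x02, 0x10
# Assumed values: the monitored network and the external IPs of interest.
LOCAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]
WATCHED = {ipaddress.ip_address("203.0.113.7")}

def build_packet(src, dst, flags):
    """Constructed sample data: minimal IPv4+TCP headers, checksums left at zero."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                     ipaddress.ip_address(src).packed,
                     ipaddress.ip_address(dst).packed)
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 0, 0, 5 << 4, flags, 65535, 0, 0)
    return ip + tcp

def parse_tcp(packet):
    """Return (src, dst, tcp_flags) for an unfragmented IPv4/TCP packet, else None."""
    if len(packet) < 20 or packet[0] >> 4 != 4 or packet[9] != 6:
        return None
    ihl = (packet[0] & 0x0F) * 4
    frag_offset = struct.unpack("!H", packet[6:8])[0] & 0x1FFF
    if ihl < 20 or frag_offset or len(packet) < ihl + 14:
        return None
    src = ipaddress.ip_address(packet[12:16])
    dst = ipaddress.ip_address(packet[16:20])
    return src, dst, packet[ihl + 13]

def synack_responders(packets, local_nets, watched):
    """Map each local host to the watched external IPs it answered with a SYN-ACK."""
    hits = {}
    for pkt in packets:
        parsed = parse_tcp(pkt)
        if parsed is None:
            continue
        src, dst, flags = parsed
        # A single SYN-ACK counts; the handshake does not have to complete.
        if flags & (SYN | ACK) != (SYN | ACK) or dst not in watched:
            continue
        if any(src in net for net in local_nets):
            hits.setdefault(src, set()).add(dst)
    return hits

SAMPLE_PACKETS = [
    build_packet("203.0.113.7", "10.1.2.3", SYN),         # inbound SYN only
    build_packet("10.1.2.3", "203.0.113.7", SYN | ACK),   # local host replies
    build_packet("10.1.2.4", "203.0.113.7", 0x14),        # RST-ACK, not a SYN-ACK
    build_packet("10.1.2.5", "198.51.100.9", SYN | ACK),  # peer is not watched
    build_packet("203.0.113.7", "10.1.2.6", SYN | ACK),   # watched IP is the replier
]
```

Calling `synack_responders(SAMPLE_PACKETS, LOCAL_NETS, WATCHED)` reports only `10.1.2.3`, the one local host that sent a SYN-ACK to a watched address.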