[Bro] Event for syn-ack packet
Vern Paxson
vern at icir.org
Wed May 23 10:47:44 PDT 2012
> Ok, my confusion was that the comment for that event in event.bif was "The event is raised when the initial 3-way TCP handshake has successfully finished for a connection."
Yeah, I think you can pin the blame on me for that comment.
> I'll update that comment unless there's some other subtlety about why it's worded that way.
Updating it would be good.
> One caveat could still be that connection_established is TCP-specific, the example I gave could be used for UDP "connections", too.
I don't believe we generate connection_established in a UDP context. There
it's instead udp_request and udp_reply. I'm not sure what example you're
referring to.
Vern
More information about the Bro
mailing list