[Bro] Event for syn-ack packet

Vern Paxson vern at icir.org
Wed May 23 13:21:41 PDT 2012


> Right, I meant the example of checking a connection's "history" field
> for any lower-case letters should indicate the responding side sent some
> type of packet ...

Ah, right.  Yes, that's indeed the right way to discern exactly what occurred.

		Vern



More information about the Bro mailing list