[Bro] Bro and unusual http ports
Seth Hall
seth at icir.org
Fri Nov 16 18:13:37 PST 2012
On Nov 16, 2012, at 6:40 PM, "Castle, Shane" <scastle at bouldercounty.org> wrote:
> What am I missing?
Could you send me a packet capture? I'm curious as to why the signature isn't matching.
> BTW this is Bro 2.0 (yes I know, consider me chastised) but the scripts seem to be the same in 2.1.
Hah! Yeah, not much difference between 2.0 and 2.1 with this, the change to it will be coming with 2.2. :)
If you want to add port 3000/tcp as an HTTP port you can add this to a script…
add dpd_config[ANALYZER_HTTP]$ports[3000/tcp];
.Seth
--
Seth Hall
International Computer Science Institute
(Bro) because everyone has a network
http://www.bro-ids.org/
More information about the Bro
mailing list