[Bro] How to do with Bro 2.1

keqhe at cs.wisc.edu keqhe at cs.wisc.edu
Fri Oct 5 14:11:05 PDT 2012


Hello everyone:

Bro 2.1 employs DPD to do application layer protocol classification. That
is, it looks at the first few packets' payload to determine its service
type.

However, I notice that a large number of flows going through port 80 are
considered as TCP, not HTTP. We just want Bro to do application layer
protocol classification based on port. What should I do?

I hope that some people can give me some advice.

Thank you!



