[Bro] How to do with Bro 2.1
keqhe at cs.wisc.edu
keqhe at cs.wisc.edu
Fri Oct 5 14:11:05 PDT 2012
Hello everyone:
Bro 2.1 employs DPD to do application layer protocol classification. That
is, it looks at the first few packet's payload to determine its service
type.
However, I notice that a large number of flows go through port 80 are
considered as TCP not HTTP. We just want Bro to do application layer
protocol classification based on port. What should I do?
I hope that some people can give me some advice.
Thank you!
More information about the Bro
mailing list