[Bro] How to do with Bro 2.1

Mike Sconzo sconzo at visiblerisk.com
Wed Oct 10 15:55:21 PDT 2012


I've got another question on DPD (or at least on the implementation).
For example, http://www.bro-ids.org/documentation/scripts/base/protocols/http/file-extract.html
adds ports to the DPD config. Does this mean that Bro only uses DPD on
traffic over those ports added to the ports list? If we want/know of
HTTP traffic over ports other than those, should we add additional
ports to the list, or does DPD just "figure things out"(tm) and do what
it does best on any port?

Thanks!

On Sat, Oct 6, 2012 at 10:08 PM, Seth Hall <seth at icir.org> wrote:
>
> On Oct 6, 2012, at 11:55 AM, keqhe at cs.wisc.edu wrote:
>
>> Hello, sorry to disturb you again. Do you know if there is any document guiding
>> users to identify http or https just based on port number?
>
>
> Here's a script that does what you want…
>
>         https://github.com/sethhall/bro-scripts/blob/master/conn-port-service.bro
>
>  .Seth
>
> --
> Seth Hall
> International Computer Science Institute
> (Bro) because everyone has a network
> http://www.bro-ids.org/
>
>
> _______________________________________________
> Bro mailing list
> bro at bro-ids.org
> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro



-- 
cat ~/.bash_history > documentation.txt



