[Bro] How can I receive tcp_contents event over 1500 bytes.
kyunsang.song at inspien.co.kr
kyunsang.song at inspien.co.kr
Thu Jun 6 23:07:44 PDT 2013
Hi, I'm new to bro.
I received tcp_contents (reassembled tcp payload) event with broccoli.
But, bro doesn't emit events over 1500 bytes. (approx.)
How can I receive event tcp_contents properly.
Bellow is my local.bro
========================================
@load frameworks/communication/listen
redef tcp_reassembler_ports_resp: set[port] = {
3200/tcp, 3201/tcp
};
redef tcp_content_deliver_all_orig: bool = T;
redef tcp_content_deliver_all_resp: bool = T;
Thanks in advance.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20130607/eafeb547/attachment.html
More information about the Bro
mailing list