[Bro] Fwd: Bro SSL analyzer
Matthias Vallentin
vallentin at icir.org
Sun Mar 3 17:36:09 PST 2013
CC'ing the Bro mailing list for broader review.
Matthias
---------- Forwarded message ----------
From: Ahir Reddy <ahirreddy at gmail.com>
Date: Sun, Mar 3, 2013 at 5:32 PM
Subject: Bro SSL analyzer
To: Matthias Vallentin <vallentin at icir.org>
Hi,
I was wondering if you have some insight into the SSL analyzer. I'm
having some issues detecting SSL alerts (in this case they are
transmitted after a FIN packet is seen). I've been trying to make
changes to SSL.cc, but I can't figure out what effectively closes the
SSL analyzer. I have already subclassed the TCP analyzer to detect RST
packets that appear after FINs, and I've been trying to do something
similar for the SSL Analyzer.
Ahir
More information about the Bro
mailing list