[Bro] Dump reassembled packets

נתנאל ממן netanelmaman0 at gmail.com
Sun Feb 16 08:43:12 PST 2014


Hey,

First, sorry about my English.

I'm trying to dump a reassembled HTTP request with "set_record_packets" when I
see an interesting thing in my Bro rules.

The problem is that this option dumps only the *last* truncated packet and
the rest of the connection.

Can I get the previous truncated packets of a known connection?

I tried for a few hours but don't understand how to.

Thanks,

Net