[Bro] Dump reassembled packets
נתנאל ממן
netanelmaman0 at gmail.com
Sun Feb 16 08:43:12 PST 2014
Hey,
First, sorry about my english.
Im try to dump reassembled http request with "set_record_packets" when i
see intresting thing in my bro rules.
The problem is that this option dump only the *last* truncated packet and
the rest of connection.
Can i get previous truncated packets of known connection?
I tried a few hours but don't understand how to.
Thanks,
Net
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20140216/ff5a365c/attachment.html
More information about the Bro
mailing list