[Bro] how can I get the hostname in a SSL connection?

Jessica Smith jes.smith.bro at aol.com
Tue Jan 28 08:53:14 PST 2014


Yes, I'm working on trace files, so there's no way to wait for the DNS reply? In that case I cannot check the validity of the CN/SAN field, right?



-----Original Message-----
From: Seth Hall <seth at icir.org>
To: Jessica Smith <jes.smith.bro at aol.com>
Cc: bro <bro at bro.org>
Sent: Tue, Jan 28, 2014 3:10 pm
Subject: Re: [Bro] how can I get the hostname in a SSL connection?
Are you running this on live traffic or on a trace file?  If you are running on 
a tracefile, it could be that Bro is terminating before the DNS reply has a 
chance to get back into Bro and run that code.  When statements work like 
closures so they aren't executed immediately.  You can think of it like the body 
of the when statement is stored in the background until the condition for the 
when statement becomes true or completes, it's only then that the body is 
executed.

Also, you may want to print something just before the when statement just to 
make sure your code is actually making it to the when statement.

  .Seth

--
Seth Hall
International Computer Science Institute
(Bro) because everyone has a network
http://www.bro.org/


 