[Bro] Does bro REALLY SUPPORT port-independent analysis of application-layer protocols?

Seth Hall seth at icir.org
Mon May 19 22:11:28 PDT 2014

On May 20, 2014, at 12:48 AM, (peter) <45070198 at qq.com> wrote:

> In the file /usr/local/bro/share/bro/base/protocols/socks/main.bro, there are some codes as following:

Take a look at socks/dpd.sig.  Those are the signatures that are running and attempting to identify off-port SOCKS connections.


Seth Hall
International Computer Science Institute
(Bro) because everyone has a network

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 495 bytes
Desc: Message signed with OpenPGP using GPGMail
Url : http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20140520/7ac86414/attachment.bin 

More information about the Bro mailing list