[Bro] Attributes and Ports Questions
anthony kasza
anthony.kasza at gmail.com
Tue Oct 28 18:10:46 PDT 2014
Hi All,
Is anyone using the following attributes? How are you using them? I
believe some of these have been deprecated.
&rotate_interval
&rotate_size
&mergeable
&synchronize (I think there was a post earlier last month about this one)
&persistent
&group
&add_func
&delete_func
&encrypt (applying this to a file causes Bro to "elegantly terminate" for me)
bro -Ci eth0 -e 'global f1: file = open("f.out") &encrypt'
What is the purpose of the unknown port type? And why do they only
range from 0-255? Compare the results of the following commands.
bro -e 'print 0/unknown; print 255/unknown;'
bro -e 'print 0/unknown; print 255/unknown; print 256/unknown;'
How are ports flattened? See the results of the following command.
bro -e 'print 0/udp; print |0/udp|; print |32/tcp|; print |11/tcp|;
print |132/unknown|; print 132/unknown;'
Any insights are appreciated.
-AK