[Bro] Finding SYNs...
David Hoelzer
dhoelzer at sans.org
Mon Sep 8 07:17:37 PDT 2014
Oops! Sorry, yes. Thanks!
I notice that you say “default behavior”. Is there an enum or constant that I can adjust to change this behavior?
On Sep 8, 2014, at 10:16 AM, Siwek, Jon <jsiwek at illinois.edu> wrote:
>
> On Sep 8, 2014, at 8:36 AM, David Hoelzer <dhoelzer at sans.org> wrote:
>
>> I’m curious as to whether or not an invalid checksum as a result of offloading would prevent the tcp_SYN_packet event from firing…?
>
> If you mean “connection_SYN_packet”, the default behavior is to not generate that event for packets w/ invalid checksums.
>
> - Jon