[Bro] Does Bro generate only one event for one network connection?

Nuyun Zhang nellieyun at gmail.com
Wed Aug 5 06:12:01 PDT 2015


Dear Bro team,

   I have a question about Bro. Does Bro generate only one event for one
packet/connection? Or Bro will generate multiple events for one
packet/connection?
    I have read the paper "Bro: A system for Decting Network Intruder in
Real-time." The example showed Bro did generate a "Finger" event when the
connection meet more conditions instead of a TCP_connection event. Is this
always true?

    Thanks!
--
Nuyun Zhang (Nellie) Ph.D.
Research Associate
CCIT of Clemson University
http://people.clemson.edu/~nuyun/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20150805/aa2a288e/attachment.html 


More information about the Bro mailing list