[Bro] testing against uninitialized fields
anthony kasza
anthony.kasza at gmail.com
Tue Aug 18 12:58:13 PDT 2015
The ?$ operator is what you want.
-AK
On Aug 18, 2015 11:53 AM, "Earl Eiland" <earl.eiland at root9b.com> wrote:
> I’m writing a script that works with the connection$service field.
> Sometimes, this field is unintialized, which is causing my script to fail.
> How can I catch an unintialized field?
>
>
>
> Best Regards,
>
>
>
> Earl Eiland,
>
> Sr. Cyber Security Engineer,
>
> Emerging Technologies, root9B,
>
> San Antonio, Texas
>
>
>
> This email and any files transmitted with it are confidential and intended
> solely for the use of the individual or entity named. If you are not the
> named addressee you are notified that disclosing, copying, distributing or
> taking any action in reliance on the contents of this information is
> strictly prohibited. Please notify the sender immediately by email if you
> received this email in error and delete this email from your system. Any
> views or opinions presented in this e-mail are solely those of the author
> and do not necessarily represent those of root9B LLC.
>
>
>
> _______________________________________________
> Bro mailing list
> bro at bro-ids.org
> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20150818/51f6eb01/attachment.html
More information about the Bro
mailing list