[Bro] NTP

Jan Grashofer jan.grashofer at cern.ch
Mon Aug 24 07:23:26 PDT 2015


I would like to use the NTP analyzer and documentation says:

"Bro’s current default configuration does not activate the protocol analyzer that generates this event; the corresponding script has not yet been ported to Bro 2.x. To still enable this event, one needs to register a port for it or add a DPD payload signature." (https://www.bro.org/sphinx/script-reference/proto-analyzers.html#bro-ntp)

I think a DPD signature would be preferable compared to registering a port. Before I start digging into that I thought I might ask here, whether someone has already done this.

Best regards,
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20150824/edd32143/attachment.html 

More information about the Bro mailing list