jan.grashofer at cern.ch
Mon Aug 24 07:23:26 PDT 2015
I would like to use the NTP analyzer and documentation says:
"Bro’s current default configuration does not activate the protocol analyzer that generates this event; the corresponding script has not yet been ported to Bro 2.x. To still enable this event, one needs to register a port for it or add a DPD payload signature." (https://www.bro.org/sphinx/script-reference/proto-analyzers.html#bro-ntp)
I think a DPD signature would be preferable compared to registering a port. Before I start digging into that I thought I might ask here, whether someone has already done this.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Bro