[Bro] TCP options of a SYN packet

Seth Hall seth at icir.org
Wed Dec 2 08:34:54 PST 2015


> On Dec 2, 2015, at 10:41 AM, Thomas Tan <thomastan81 at gmail.com> wrote:
> 
>  It cannot get TCP options and the order of the options down from a SYN packet.

It sounds like you might want to write your own plugin but it might even be possible that that’s not enough and you’d have to add a feature to Bro’s core to generate an event only for SYN packets. (although you generally have to be very careful about even generating an event for a single packet).

  .Seth

--
Seth Hall
International Computer Science Institute
(Bro) because everyone has a network
http://www.bro.org/




More information about the Bro mailing list