[Bro] TCP options of a SYN packet

Daniel Guerra daniel.guerra69 at gmail.com
Wed Dec 2 11:46:20 PST 2015


This probebly explains your problem

in bro-plugins/tcprs/src/TCPRS.cc

UsesTSOption = false;
sack_in_use = false;

AND

in bro-plugins/tcprs/src/TCPRS_Endpoint.cc

usesTimestamps = false;
checkedForTSOptions = false;

Regards,
Daniel

> On 02 Dec 2015, at 17:34, Seth Hall <seth at icir.org> wrote:
> 
> 
>> On Dec 2, 2015, at 10:41 AM, Thomas Tan <thomastan81 at gmail.com> wrote:
>> 
>> It cannot get TCP options and the order of the options down from a SYN packet.
> 
> It sounds like you might want to write your own plugin but it might even be possible that that’s not enough and you’d have to add a feature to Bro’s core to generate an event only for SYN packets. (although you generally have to be very careful about even generating an event for a single packet).
> 
>  .Seth
> 
> --
> Seth Hall
> International Computer Science Institute
> (Bro) because everyone has a network
> http://www.bro.org/
> 
> 
> _______________________________________________
> Bro mailing list
> bro at bro-ids.org
> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro




More information about the Bro mailing list