[Bro] TCP options of a SYN packet

Thomas Tan thomastan81 at gmail.com
Wed Dec 2 12:39:41 PST 2015


Dear Seth,

Actually, I am writing a module using the outputs from Bro to detect
Operating Systems running on remote host machines. I need to get the
fingerprints of these OS for classification. I want to know if there is any
means to obtain p0f-like OS fingerprints.

Best regards,

Thomas

On 2 December 2015 at 17:34, Seth Hall <seth at icir.org> wrote:

>
> > On Dec 2, 2015, at 10:41 AM, Thomas Tan <thomastan81 at gmail.com> wrote:
> >
> >  It cannot get TCP options and the order of the options down from a SYN
> > packet.
>
> It sounds like you might want to write your own plugin but it might even
> be possible that that’s not enough and you’d have to add a feature to Bro’s
> core to generate an event only for SYN packets. (although you generally
> have to be very careful about even generating an event for a single packet).
>
>   .Seth
>
> --
> Seth Hall
> International Computer Science Institute
> (Bro) because everyone has a network
> http://www.bro.org/
>
>
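The data asked about in this thread (which TCP options a SYN carries, and in what order), pulled from a raw TCP header, as an added example that is not part of the original messages and is not Bro code. The function and sample names are hypothetical, the option tokens follow p0f v3's option-layout naming, and the sample header is constructed.

```python
import struct

# Option kind -> token; names follow p0f v3's option-layout convention.
KIND_NAMES = {2: "mss", 3: "ws", 4: "sok", 5: "sack", 8: "ts"}

def syn_option_layout(tcp: bytes) -> dict:
    """Return window, MSS, window scale and option order of an initial SYN."""
    if len(tcp) < 20:
        raise ValueError("truncated TCP header")
    off_flags, window = struct.unpack("!HH", tcp[12:16])
    hdr_len = (off_flags >> 12) * 4
    if off_flags & 0x12 != 0x02:            # require SYN set and ACK clear
        raise ValueError("not an initial SYN")
    if hdr_len < 20 or hdr_len > len(tcp):
        raise ValueError("bad data offset")
    opts, layout, mss, scale, i = tcp[20:hdr_len], [], None, None, 0
    while i < len(opts):
        kind = opts[i]
        if kind == 0:                       # EOL: remaining bytes are padding
            layout.append(f"eol+{len(opts) - i - 1}")
            break
        if kind == 1:                       # NOP is a single byte, no length
            layout.append("nop")
            i += 1
            continue
        # Every other option is kind, length, body; reject lengths that
        # are below 2 or run past the end of the header.
        if i + 1 >= len(opts) or opts[i + 1] < 2 or i + opts[i + 1] > len(opts):
            raise ValueError(f"malformed option at offset {i}")
        length = opts[i + 1]
        body = opts[i + 2:i + length]
        if kind == 2 and length == 4:
            mss = struct.unpack("!H", body)[0]
        elif kind == 3 and length == 3:
            scale = body[0]
        layout.append(KIND_NAMES.get(kind, f"?{kind}"))
        i += length
    return {"window": window, "mss": mss, "scale": scale,
            "layout": ",".join(layout)}

# Constructed sample: SYN with MSS 1460, SACK-permitted, timestamps, NOP, WS 7.
SAMPLE_OPTS = bytes.fromhex("020405b4" "0402" "080a0000000100000000" "01" "030307")
SAMPLE_SYN = struct.pack("!HHIIHHHH", 40000, 443, 1, 0,
                         (10 << 12) | 0x002, 29200, 0, 0) + SAMPLE_OPTS

if __name__ == "__main__":
    print(syn_option_layout(SAMPLE_SYN))
```

A full p0f-style signature also needs IP-layer fields (initial TTL, IP option length, quirks), which this TCP-only sketch does not cover.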