[Bro] TCP options of a SYN packet

Thomas Tan thomastan81 at gmail.com
Wed Dec 2 12:41:52 PST 2015


Dear Daniel,

Thanks for your reply. Could you give me an example or documentation
detailing how I could achieve my goal?

Best regards,

Thomas

On 2 December 2015 at 20:46, Daniel Guerra <daniel.guerra69 at gmail.com>
wrote:

> This probably explains your problem
>
> in bro-plugins/tcprs/src/TCPRS.cc
>
> UsesTSOption = false;
> sack_in_use = false;
>
> AND
>
> in bro-plugins/tcprs/src/TCPRS_Endpoint.cc
>
> usesTimestamps = false;
> checkedForTSOptions = false;
>
> Regards,
> Daniel
>
> > On 02 Dec 2015, at 17:34, Seth Hall <seth at icir.org> wrote:
> >
> >
> >> On Dec 2, 2015, at 10:41 AM, Thomas Tan <thomastan81 at gmail.com> wrote:
> >>
> >> It cannot get TCP options and the order of the options down from a SYN
> >> packet.
> >
> > It sounds like you might want to write your own plugin but it might even
> > be possible that that’s not enough and you’d have to add a feature to Bro’s
> > core to generate an event only for SYN packets. (although you generally
> > have to be very careful about even generating an event for a single packet).
> >
> >  .Seth
> >
> > --
> > Seth Hall
> > International Computer Science Institute
> > (Bro) because everyone has a network
> > http://www.bro.org/
> >
>
>
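
The option walk asked about in this thread, as an added example that is not part of the original messages and is not Bro or TCPRS code: a standalone C++ parser that returns the TCP options of a SYN segment in wire order and rejects lengths that do not fit the header. The names parse_syn_options and option_order and the sample packet are constructed for illustration; hooking this into a Bro plugin or event is not shown.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <string>
#include <vector>

struct TcpOption { uint8_t kind; uint8_t len; size_t offset; };
struct SynOptions {
    bool is_syn = false;          // SYN flag set (SYN or SYN/ACK)
    bool malformed = false;       // header or option length does not fit
    std::vector<TcpOption> opts;  // options in wire order
};

// tcp points at the first byte of the TCP header, n is the number of captured bytes.
SynOptions parse_syn_options(const uint8_t* tcp, size_t n) {
    SynOptions r;
    if (n < 20) { r.malformed = true; return r; }
    size_t hdr_len = (tcp[12] >> 4) * 4u;          // data offset, in bytes
    r.is_syn = (tcp[13] & 0x02) != 0;
    if (hdr_len < 20 || hdr_len > n) { r.malformed = true; return r; }
    if (!r.is_syn) return r;                        // only SYN segments are of interest
    for (size_t i = 20; i < hdr_len; ) {
        uint8_t kind = tcp[i];
        if (kind == 0) { r.opts.push_back({0, 1, i}); break; }          // End of Option List
        if (kind == 1) { r.opts.push_back({1, 1, i}); ++i; continue; }  // NOP padding
        if (i + 1 >= hdr_len) { r.malformed = true; break; }            // no room for a length byte
        uint8_t len = tcp[i + 1];
        if (len < 2 || i + len > hdr_len) { r.malformed = true; break; }
        r.opts.push_back({kind, len, i});
        i += len;
    }
    return r;
}

// Comma-separated option kinds in the order they appeared, e.g. "2,4,8,1,3".
std::string option_order(const SynOptions& s) {
    std::string out;
    for (const TcpOption& o : s.opts) {
        if (!out.empty()) out += ',';
        out += std::to_string(o.kind);
    }
    return out;
}
// Constructed sample: SYN with MSS, SACK-permitted, Timestamps, NOP, Window Scale.
static const uint8_t kSampleSyn[40] = {
    0xC3,0x50, 0x00,0x50, 0,0,0,0, 0,0,0,0, 0xA0,0x02, 0x72,0x10, 0,0, 0,0,
    0x02,0x04,0x05,0xB4, 0x04,0x02, 0x08,0x0A,0,0,0,1,0,0,0,0, 0x01, 0x03,0x03,0x07 };
int main() { std::printf("%s\n", option_order(parse_syn_options(kSampleSyn, 40)).c_str()); }
```

Option kinds 8 (Timestamps) and 4 (SACK permitted) in the result are the ones a per-connection flag for timestamp or SACK use would be derived from.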