[Bro] udp event handlers not catching events

Hui Lin (Hugo) hlin33 at illinois.edu
Wed Dec 9 21:31:40 PST 2015


Hi,

I am analyzing a pcap which contains some UDP packets. I have redefined
both "udp_content_deliver_all_orig" and "udp_content_deliver_all_resp" as
true, but no events are caught by "udp_request", "udp_reply", and
"udp_contents". However, I can use "packets_content" and "is_udp_port" to
catch the UDP communications.

Can these udp event handlers still be used?

Thanks and best,

Hui Lin


-- 
Hui Lin
PhD Candidate, Research Assistant
Electrical and Computer Engineering Department
University of Illinois at Urbana-Champaign