[Bro] Logging packet with mismatch content_size and data is being sent after reset
Robin Gruyters
robin.gruyters at gmail.com
Fri Dec 18 08:51:30 PST 2015
Hi Bro'ers,
I wonder if you could help me.
I have created a policy that logs when an HTTP stream has a mismatch of
content-size versus body.
This works fine but I need to add an extra check to see if data is being
sent after a reset.
I have uploaded my policy for you to see.
https://rgruyters.stackstorage.com/index.php/s/JdNKlrxKWyzSMzB
I know the weird.bro policy logs 'data_after_reset', but I don't know how
to incorporate this in my policy.
Could you please help me?
Kind regards,
Robin.