[Bro] invoking the "protocol_confirmation" event

Earl Eiland earl.eiland at root9b.com
Fri Jul 10 14:08:40 PDT 2015


I'm working on cataloging service-level protocols seen on a network. event.bif.bro lists "protocol_confirmation: event(c: connection , atype: Analyzer::Tag , aid: count)", which seems to be just the ticket. However, it is not invoked by some of the protocol analyzers of interest (e.g., MODBUS/TCP). It is invoked by DNS, but I don't see it in /scripts/base/protocols/dns/main.bro <https://www.bro.org/sphinx/_downloads/main25.bro>. How do I modify the other protocol analyzer scripts to invoke protocol_confirmation?



Earl Eiland
