[Bro] packet post-processor plugin

Seth Hall seth at icir.org
Wed May 20 18:30:21 PDT 2015


> On May 20, 2015, at 5:26 PM, Jeff Barber <jbarber at computer.org> wrote:
> 
>> What does handle mean in this context?
> 
> A primary goal is just to identify the endpoints represented by the
> various layers in the packet: mac addresses, vlan tag, layer3 proto,
> IP addresses, IP proto, TCP/UDP ports, etc.

Ohhhh, now this whole thread makes sense.  There has been some discussion internally and on the bro-dev list lately about how to expose that information to scripts in a way that doesn’t overload Bro.  Unfortunately there isn’t a timeline yet on actually implementing what has been discussed.

  .Seth

--
Seth Hall
International Computer Science Institute
(Bro) because everyone has a network
http://www.bro.org/
