[Bro] packet post-processor plugin
Seth Hall
seth at icir.org
Wed May 20 18:30:21 PDT 2015
> On May 20, 2015, at 5:26 PM, Jeff Barber <jbarber at computer.org> wrote:
>
>> What does handle mean in this context?
>
> A primary goal is just to identify the endpoints represented by the
> various layers in the packet: mac addresses, vlan tag, layer3 proto,
> IP addresses, IP proto, TCP/UDP ports, etc.

Ohhhh, now this whole thread makes sense. There has been some discussion internally and on the bro-dev list lately about how to expose that information to scripts in a way that doesn’t overload Bro. Unfortunately there isn’t a timeline yet on actually implementing what has been discussed.

.Seth
--
Seth Hall
International Computer Science Institute
(Bro) because everyone has a network
http://www.bro.org/