[Bro] TCP options of a SYN packet
Jan Grashofer
jan.grashofer at cern.ch
Thu Nov 26 03:16:02 PST 2015
Hi Thomas,
there is the tcp_option event, which might help you (see https://www.bro.org/sphinx/scripts/base/bif/plugins/Bro_TCP.events.bif.bro.html#id-tcp_option). If that does not fit for you, you might have a look into the TCPRS plugin (https://github.com/bro/bro-plugins/tree/master/tcprs/scripts/Bro/TCPRS). I have never used it, but I think it also parses some TCP options and thus might be a good starting point.
Best regards,
Jan
________________________________
From: bro-bounces at bro.org [bro-bounces at bro.org] on behalf of Thomas Tan [thomastan81 at gmail.com]
Sent: Thursday, November 26, 2015 10:18
To: bro at bro.org
Subject: [Bro] TCP options of a SYN packet
Dear All,
Just wondering if anyone knows a way (an event) to obtain TCP options of a SYN packet?
Your help will be very much appreciated.
Thank you.
Best regards,
Thomas
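
For reference, the on-the-wire layout of the options the question asks about, as an added example that is not part of the original thread and is not Bro or TCPRS code: a Python walk over the kind/length/value options of a TCP header, restricted to segments with the SYN flag set. The function names and the sample segment are constructed for illustration.

```python
import struct

def build_segment(flags: int, options: bytes) -> bytes:
    """Constructed sample: a TCP header with the given flags and option bytes."""
    assert len(options) % 4 == 0, "options must be padded to 32-bit words"
    offset_words = (20 + len(options)) // 4
    return struct.pack("!HHIIBBHHH", 50000, 80, 1, 0,
                       offset_words << 4, flags, 29200, 0, 0) + options

def syn_options(tcp: bytes):
    """Return [(kind, length, data)] for a SYN segment, None if SYN is not set."""
    if len(tcp) < 20:
        raise ValueError("truncated TCP header")
    header_len = (tcp[12] >> 4) * 4          # data offset, in bytes
    if not tcp[13] & 0x02:                   # SYN bit clear: not our packet
        return None
    if header_len < 20 or header_len > len(tcp):
        raise ValueError("bad data offset")
    raw, i, opts = tcp[20:header_len], 0, []
    while i < len(raw):
        kind = raw[i]
        if kind == 0:                        # End of Option List: stop parsing
            opts.append((0, 1, b""))
            break
        if kind == 1:                        # NOP: single byte, no length field
            opts.append((1, 1, b""))
            i += 1
            continue
        if i + 1 >= len(raw):
            raise ValueError("option length byte missing")
        length = raw[i + 1]                  # covers kind + length + data
        if length < 2 or i + length > len(raw):
            raise ValueError(f"bad length {length} for option kind {kind}")
        opts.append((kind, length, raw[i + 2:i + length]))
        i += length
    return opts

# Constructed option bytes: MSS 1460, SACK-Permitted, Timestamps, NOP, WScale 7
SAMPLE_OPTIONS = bytes.fromhex("020405b4" "0402" "080a0000000100000000" "01" "030307")
SAMPLE_SYN = build_segment(0x02, SAMPLE_OPTIONS)

if __name__ == "__main__":
    for kind, length, data in syn_options(SAMPLE_SYN):
        print(f"kind={kind} len={length} data={data.hex()}")
```

The length checks matter when the input is untrusted traffic: a zero or oversized length byte would otherwise loop forever or read past the header.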