[Bro] How can I invoke event tcp_option()?

Azoff, Justin S jazoff at illinois.edu
Wed Oct 7 06:58:44 PDT 2015


> On Oct 7, 2015, at 9:38 AM, Thomas Tan <thomastan81 at gmail.com> wrote:
> 
> Dear All,
> 
> I am new to Bro. I am testing the “event tcp_option ()”.  However, the event is not invoked by the event engine.  Can anyone kindly advise me what I have done wrong? My code is as follows.

Are you running this against a pcap?  Are you maybe not running bro with the -C option to ignore invalid checksums from checksum offloading?

This works when I try it on try.bro.org against the example caps:

event tcp_option (c:connection, is_orig:bool, opt:count, optlen:count){
	print c$id$orig_h, is_orig, opt, optlen;
}


http://try.bro.org/#/trybro/saved/21633



-- 
- Justin Azoff
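
Added example, not part of the original message and not Bro's own code: a Python sketch of the TCP checksum validation that the -C option mentioned above tells Bro to skip, plus a walk over the option bytes that lists each option's kind and length. The addresses, ports and SYN segment are constructed sample values; the unfilled checksum field stands in for what a capture taken on a host with checksum offloading can contain.

```python
import socket
import struct

def ones_complement_sum(data: bytes) -> int:
    """16-bit one's-complement sum used by the TCP checksum."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total

def pseudo_header(src: str, dst: str, tcp_len: int) -> bytes:
    """IPv4 pseudo-header: source, destination, zero, protocol 6, TCP length."""
    return socket.inet_aton(src) + socket.inet_aton(dst) + struct.pack("!BBH", 0, 6, tcp_len)

def tcp_checksum_ok(src: str, dst: str, segment: bytes) -> bool:
    """True when pseudo-header plus segment sums to 0xFFFF (valid checksum)."""
    return ones_complement_sum(pseudo_header(src, dst, len(segment)) + segment) == 0xFFFF

def tcp_options(segment: bytes) -> list:
    """Walk the option bytes and return (kind, length) pairs."""
    opts = segment[20:(segment[12] >> 4) * 4]
    found, i = [], 0
    while i < len(opts) and opts[i] != 0:      # kind 0 ends the option list
        if opts[i] == 1:                       # NOP: one byte, no length field
            found.append((1, 1))
            i += 1
            continue
        if i + 1 >= len(opts) or opts[i + 1] < 2 or i + opts[i + 1] > len(opts):
            break                              # malformed length, stop parsing
        found.append((opts[i], opts[i + 1]))
        i += opts[i + 1]
    return found

def build_syn(src: str, dst: str, fill_checksum: bool) -> bytes:
    """Constructed sample SYN carrying MSS, NOP and window-scale options."""
    options = bytes([2, 4, 0x05, 0xB4, 1, 3, 3, 7])
    seg = struct.pack("!HHIIBBHHH", 49152, 80, 1, 0, 7 << 4, 0x02, 65535, 0, 0) + options
    if fill_checksum:
        csum = ~ones_complement_sum(pseudo_header(src, dst, len(seg)) + seg) & 0xFFFF
        seg = seg[:16] + struct.pack("!H", csum) + seg[18:]
    return seg

if __name__ == "__main__":
    for label, filled in (("checksum filled in", True), ("checksum left unfilled", False)):
        seg = build_syn("10.0.0.1", "10.0.0.2", filled)
        print(label, tcp_checksum_ok("10.0.0.1", "10.0.0.2", seg), tcp_options(seg))
```

Both segments carry the same options; only the one with the checksum filled in passes validation.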