[Bro] Protosig question, round 2
James Lay
jlay at slave-tothe-box.net
Fri Nov 4 18:27:38 PDT 2016
On Sat, 2016-11-05 at 00:32 +0100, Jan Grashöfer wrote:
> >
> > From https://www.bro.org/sphinx/frameworks/signatures.html:
> > Note that the IP-in-IP forms of tunneling are automatically
> > decapsulated by default and signatures apply to only the inner-most
> > packet [...]
> >
> > From time to time people want to attach analyzers at layer 2, which
> isn't possible at the moment. Maybe once this part of Bro sees an
> update, signatures and custom decapsulation analyzers can be
> integrated.
> But that's a question for the devs.
>
> Jan
> _______________________________________________
> Bro mailing list
> bro at bro-ids.org
> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
Thanks Jan...I've been looking so long at that page I completely missed
that. ☹
James
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20161104/5aca6cbb/attachment.html
More information about the Bro
mailing list