[Bro] Conn Log
Seth Hall
seth at icir.org
Fri Nov 11 12:00:13 PST 2016
> On Nov 11, 2016, at 2:19 PM, abdulrahman musallam <abdulrahmanmusallam at gmail.com> wrote:
>
> The connection log generated by Bro provide a services field which declare the application layer protocol which was used in that connection, I've noticed that it sometimes uses ' - ' instead of known protocol, could you please tell what does this sign stand for?
That is just an indicator for NULL. It means that no analyzer was attached to the connection.
.Seth
--
Seth Hall
International Computer Science Institute
(Bro) because everyone has a network
http://www.bro.org/
More information about the Bro
mailing list