[Bro] SSL Events not being triggered
Shaanan Cohney
shaananc at hotmail.com
Thu Jun 22 00:42:01 PDT 2017
I am having trouble getting any SSL events to trigger.
I've tested scripts against the snakeoil pcap from the Wireshark sample pages, as well as my own data.
I've also tried scripts ranging from the one I actually plan to use to a few barebones ones.
When I use the -d flag and break on a connection, I can see port 443 in the four-tuple, but the SSL field remains uninitialized.
Here's a sample of something I tried:
    event bro_init() {
        #Analyzer::enable_analyzer(Analyzer::ANALYZER_SSL);
        #Analyzer::register_for_port(Analyzer::ANALYZER_SSL, 443/tcp);
    }

    event ssl_established(c: connection) &priority=3 {
        print c;
    }
I've also tried my own compiled version of Bro, and the apt package on the latest version of Ubuntu.
I'm running Bro as follows:
    bro -r a.pcap ./nameofscript.bro
Any help would be much appreciated!
Thanks,
snc