[Bro] How information is stored in a set() and table() in bro

Johanna Amann johanna at icir.org
Fri Oct 27 08:15:47 PDT 2017


Hi Riccardo,

> I would like to re-use this dataset I have collected, however this time
> I would require the headers to be in the exact order as they are parsed.
> This information is not in logs, so I was wondering whether it is
> possible: given the script and the logs, to "reverse" the original order
> of the headers.
>
> For this purpose, I think I need to know:  1) how data is stored in a
> "set [string]", because that's what I use to temporarily store the
> values; and 2) how data is stored in "hlist: mime_header_list" which is
> a table() in Bro.

Sadly the order in sets is random (well, it depends on the random seed 
that was used at the time that you ran Bro to capture the data). As far 
as I am aware it is not possible to reverse this process; so as painful 
as it might be, you will have to re-capture the data.

Johanna
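
[Added example, not part of the original message or of the poster's script: one way to keep header order when re-capturing is to copy the names into a vector instead of a set. It assumes hlist is a table keyed by count starting at 1 in parse order; the module name HeaderOrder and the log path header_order are hypothetical.]

```bro
# Added example: log HTTP header names in the order they were parsed.
# A set[string] or "for ( i in hlist )" loses that order; a vector keeps it.
module HeaderOrder;

export {
    # Hypothetical log stream for this example.
    redef enum Log::ID += { LOG };

    type Info: record {
        ts:      time             &log;
        uid:     string           &log;
        is_orig: bool             &log;
        # Header names, first parsed header first.
        names:   vector of string &log;
    };
}

event bro_init()
    {
    Log::create_stream(LOG, [$columns=Info, $path="header_order"]);
    }

event http_all_headers(c: connection, is_orig: bool, hlist: mime_header_list)
    {
    local names: vector of string = vector();
    local i = 1;

    # Assumption: keys of hlist run from 1 to |hlist| in parse order,
    # so walk them by index rather than iterating over the table.
    while ( i <= |hlist| )
        {
        if ( i in hlist )
            names[|names|] = hlist[i]$name;
        ++i;
        }

    Log::write(LOG, [$ts=network_time(), $uid=c$uid,
                     $is_orig=is_orig, $names=names]);
    }
```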
