[Bro] Bro Having Trouble with Weird Protocol

J Tur jhturner900 at gmail.com
Wed Aug 15 11:52:44 PDT 2018


I'm currently working on a Bro plugin.

The protocol I've been dealing with is strictly ACKs and PSH/ACKs (its
transport protocol is TCP).  The sequence of packets is ACK, PSH/ACK, ACK,
PSH/ACK, ... However, Bro, from what I know, needs a SYN, a FIN/ACK, or
something like that to close the packet and look for a data section.
Therefore, none of my data is being picked up, and the Application Level
processing doesn't even get started. Is there an easy way to have Bro close
the packet after each ACK, PSH/ACK pair?  Or would I have to just fiddle
with TCP.cc until I get the desired results?  Thanks!!!