[Bro] Listening on both UDP/TCP

TQ nothinrandom at gmail.com
Tue Nov 6 16:01:17 PST 2018


Hello There,

I see many of the existing protocols focus on either TCP or UDP, but
nothing for both.  I did notice that SIP has both TCP and UDP, however, the
TCP portion is "not activated"
(https://github.com/bro/bro/tree/master/src/analyzer/protocol/sip).  Is
there a good example of how to handle both?  Is this something where I
would need to register a listener in main.bro? For example:

const ports = { 5060/udp }; # existing
const ports_tcp = { 1234/tcp }; # new
redef likely_server_ports += { ports, ports_tcp };

event bro_init() &priority=5 {
    Log::create_stream(SIP::LOG, [$columns=Info, $ev=log_sip, $path="sip"]);
    Analyzer::register_for_ports(Analyzer::ANALYZER_SIP, ports); # existing
    Analyzer_TCP::register_for_ports(Analyzer_TCP::ANALYZER_SIP_TCP, ports_tcp); # new
}

Thanks,