[Bro] Listening on both UDP/TCP

TQ nothinrandom at gmail.com
Tue Nov 13 09:25:11 PST 2018


Hey Johanna,

I followed your suggestion and looked at SSL, works great!

Thanks,

On Tue, Nov 6, 2018 at 5:11 PM Johanna Amann <johanna at icir.org> wrote:

> Hi,
>
> > I see many of the existing protocols focus on either TCP or UDP, but
> > nothing for both.  I did notice that SIP has both TCP and UDP, however,
> > the TCP portion is "not activated" (
> > https://github.com/bro/bro/tree/master/src/analyzer/protocol/sip).  Is
> > there a good example of how to handle both?  Is this something where I
> > would need to register a listener in main.bro? For example:
>
> [...]
>
> the closest to this is probably the TLS/DTLS analyzer. Similarly to SIP,
> it actually is 2 analyzers (one for TLS over TCP and one for DTLS over
> UDP) that share a lot of the code.
>
> scripts/base/protocols/ssl/main.bro shows that both of them are just
> initialized separately from each other. From a very cursory glance over
> SIP, I think that one could just do the same there.
>
> I hope this helps,
>  Johanna
>
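
The pattern described in the quoted reply (one analyzer per transport, each registered separately at startup), sketched as an added example that is not part of the original thread or of the Bro source. The module name, the port numbers and the two analyzer tags `ANALYZER_MYPROTO_TCP` and `ANALYZER_MYPROTO_UDP` are hypothetical and would have to be provided by your own analyzer plugin.

```bro
# Added example: hypothetical protocol "MyProto" carried over both TCP and UDP.
# Analyzer::ANALYZER_MYPROTO_TCP and Analyzer::ANALYZER_MYPROTO_UDP are
# assumed tags supplied by a custom analyzer plugin; they do not exist in Bro.
module MyProto;

# Constructed port numbers; replace with the protocol's real ports.
const tcp_ports = { 9999/tcp };
const udp_ports = { 9999/udp };

# Tell Bro which side of a connection on these ports is likely the server.
redef likely_server_ports += { tcp_ports, udp_ports };

event bro_init() &priority=5
	{
	# Each transport gets its own analyzer and its own registration call.
	# register_for_ports() returns F if the registration failed.
	if ( ! Analyzer::register_for_ports(Analyzer::ANALYZER_MYPROTO_TCP, tcp_ports) )
		Reporter::warning("MyProto: could not register TCP analyzer");

	if ( ! Analyzer::register_for_ports(Analyzer::ANALYZER_MYPROTO_UDP, udp_ports) )
		Reporter::warning("MyProto: could not register UDP analyzer");
	}
```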