Two hour to the great moment!
Best wish!
Ah - the term you're looking for is "payload". You can get this using
the "packet_contents" event handler, or using the new signature engine
(for which Robin Sommer has contributed a new chapter for the Bro
manual, which will be included in the next development release).
void FragReassembler::AddFragment(const struct ip* ip, const u_char* pkt,
uint32 frag_field)
{
......
// Remove header.
pkt += hdr_len;
len -= hdr_len;
+ printf("%s,/n",(char *) pkt);//change
NewBlock(network_time, offset, len, pkt);
}
I make the aboving change to print the payload of telnet , but it does not work!
Ciao
Cloud