Additional service ports

James_Lay · November 13, 2013, 3:30pm

Hey all,

Quick question...say I have http traffic on the usual 80, and 8001? How does one tell Bro that there's an additional port to analyze? Thank you.

James

anthony_kasza1 · November 13, 2013, 3:59pm

The ‘Determining Analyzer Activation’ section in the following link might be helpful.
http://www.bro.org/development/howtos/dpd.html

Hey all,

Quick question…say I have http traffic on the usual 80, and 8001?
How does one tell Bro that there’s an additional port to analyze? Thank
you.

James

Seth_Hall3 · November 13, 2013, 5:39pm

Oops! That section should have been deprecated with 2.2, it doesn't work that way anymore. You can do the following, but I'm not sure if it overwrites the default list of ports used or not...

event bro_init()
  {
  Analyzer::register_for_ports(Analyzer::ANALYZER_HTTP, set(12345/tcp));
  }

.Seth

Siwek_Jon · November 13, 2013, 6:10pm

It’s additive; doesn’t overwrite.

- Jon

James_Lay · November 13, 2013, 6:20pm

Thanks Seth...I'll give that a go.

James

Topic		Replies	Views
Bro and unusual http ports Zeek	10	68	May 6, 2022
new bro "CURRENT" release - 0.8a57 Zeek	1	55	May 6, 2022
dpd unknown port Zeek	4	93	May 6, 2022
Problems adding http ports to bro (git version) Zeek	5	62	May 6, 2022
NTP Zeek	1	56	May 6, 2022

Additional service ports

Related Topics