(no subject)

Kristen_Eisenberg · September 17, 2011, 6:37pm

[Bro] Signature payload matching

Hi all,

I’m working for automation of signature generation for Bro from pcap trace
files.
I would like to know if the matching of the payload as a condition is done
against all the session data or more like per packet matching.

Thanks

Kristen Eisenberg
Billige Flüge
Marketing GmbH
Emanuelstr. 3,
10317 Berlin
Deutschland
Telefon: +49 (33)
5310967
Email:
utebachmeier at gmail.com
Site:
http://flug.airego.de

Billige Flüge vergleichen

robin · September 19, 2011, 4:05am

For TCP it's all session data. Also see:

http://www.bro-ids.org/documentation/signatures.html

Robin

Topic		Replies	Views
Signature payload matching Zeek	2	77	May 6, 2022
Regarding signatures Zeek	2	70	May 6, 2022
Signature payload matching Zeek	4	58	May 6, 2022
signatures: pros/cons, future plans for bro Zeek	2	67	May 6, 2022
a quick doubt reg bro... Zeek	1	52	May 6, 2022

(no subject)

Related Topics