NTP

Jan_Grashoefer · August 24, 2015, 2:23pm

Hi,

I would like to use the NTP analyzer and documentation says:

“Bro’s current default configuration does not activate the protocol analyzer that generates this event; the corresponding script has not yet been ported to Bro 2.x. To still enable this event, one needs to register a port for it or add a DPD payload signature.” (https://www.bro.org/sphinx/script-reference/proto-analyzers.html#bro-ntp)

I think a DPD signature would be preferable compared to registering a port. Before I start digging into that I thought I might ask here, whether someone has already done this.

Best regards,
Jan

Topic		Replies	Views
dpd unknown port Zeek	4	93	May 6, 2022
[Bro_Configuration]Problem with RPC Analyzer Development development	1	63	May 6, 2022
Packet Signature, Protocol, and Analyzer Relationship Development development	2	62	May 6, 2022
Requesting some pointers- Adding a new protocol to BRO- Facing problems Zeek	3	59	May 6, 2022
invoking an analayzer without the default policy script? Zeek	5	53	May 6, 2022

NTP

Related Topics