Hi
I am using below script for port-knocking i am getting error
https://github.com/initconf/scan-NG/blob/master/scripts/check-port-knock.bro
http://try.bro.org/#/trybro/saved/292398
below part is getting error
if (orig !in Scan::known_scanners)
{
if (|likely_port_scanner[orig,resp]| == HIGH_THRESHOLD_LIMIT && high_threshold_flag )
{
result = T ;
}
else if (|likely_port_scanner[orig,resp]| == MED_THRESHOLD_LIMIT && medium_threshold_flag )
{
result = T ;
error in ././trybro.bro, line 115: unknown identifier Scan::known_scanners, at or near “Scan::known_scanners”
Regards
Sunu
My guess is you don’t have scan.bro loaded ahead of that script.
hello Sunu,
Actually, I never finished writing the check-port-knock.bro -
Don't use it 
I think it should have been commented out in #__load__.bro
I'll make sure github doesn't include the unfinished version.
Sorry about that.
Aashish
Hi
I am using below script for port-knocking i am getting error
https://github.com/initconf/scan-NG/blob/master/scripts/check-port-knock.bro
Try Zeek
below part is getting error
if (orig !in Scan::known_scanners)
{
if (|likely_port_scanner[orig,resp]| ==
HIGH_THRESHOLD_LIMIT && high_threshold_flag )
{
result = T ;
}
else if (|likely_port_scanner[orig,resp]| ==
MED_THRESHOLD_LIMIT && medium_threshold_flag )
{
result = T ;
error in ././trybro.bro, line 115: unknown identifier Scan::known_scanners,
at or near "Scan::known_scanners"
Regards
Sunu
S