Dear Bro Developers:
I’m a student from Sun Yat-sen University in China. I’m mailing you with some questions about using Bro.
I’m now using Bro to analyze UDP network traffic flows. I’ve got to know that Bro can trace TCP connections and has the event “tcp_packet” to get the TCP payload. However, it seems that Bro doesn’t handle UDP flows well. (1) Are there different definitions for TCP and UDP connections? And (2) how do I get the payload of a UDP packet? I have noticed that the event “udp_content” may be the handler, but (3) I don’t know how to invoke it.
Since UDP flows continue to increase on the Internet, I’m doing some analysis of them and need tools to handle them. And I think Bro should be a good one.
Looking forward to your reply.
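The following is an added example, not part of the original e-mail and not code from the Bro project, illustrating the point the questions above raise. In Bro a UDP "connection" is a flow keyed by its 5-tuple that expires after `udp_inactivity_timeout`, and the per-datagram payload event is spelled `udp_contents`. It is never raised by default: delivery has to be switched on with the `udp_content_deliver_all_orig` / `udp_content_deliver_all_resp` tunables, or narrowed to specific ports via `udp_content_delivery_ports_orig` / `udp_content_delivery_ports_resp`. The module name `UdpPayload`, the log stream and its fields are assumptions made for this example; `escape_string`, `sub_bytes`, `network_time` and the `Log` framework calls are standard Bro 2.x.

```bro
# Added example (not from the original e-mail): minimal Bro script that
# receives UDP payloads through the udp_contents event and logs a
# hex-escaped prefix of each datagram.
# Assumption: a Bro 2.x build, where udp_contents and the
# udp_content_deliver_all_* tunables exist.

# Bro does not raise udp_contents unless delivery is enabled. Enable it
# for all UDP flows in both directions. A narrower alternative is to add
# specific ports to udp_content_delivery_ports_orig / _resp instead.
redef udp_content_deliver_all_orig = T;
redef udp_content_deliver_all_resp = T;

module UdpPayload;

export {
    redef enum Log::ID += { LOG };

    # One record per delivered UDP datagram (constructed for this example).
    type Info: record {
        ts:      time    &log;
        uid:     string  &log;   # flow identifier assigned by Bro
        id:      conn_id &log;   # the 5-tuple
        is_orig: bool    &log;   # T if sent by the flow originator
        len:     count   &log;   # payload length in bytes
        head:    string  &log;   # first 16 payload bytes, escaped for safe logging
    };
}

event bro_init()
    {
    Log::create_stream(UdpPayload::LOG, [$columns=Info, $path="udp_payload"]);
    }

# Fired once per UDP datagram after delivery is enabled above.
# 'u' is the flow-level connection record; it is shared by every
# datagram of the same 5-tuple until udp_inactivity_timeout expires.
event udp_contents(u: connection, is_orig: bool, contents: string)
    {
    local rec: Info = [$ts=network_time(),
                       $uid=u$uid,
                       $id=u$id,
                       $is_orig=is_orig,
                       $len=|contents|,
                       $head=escape_string(sub_bytes(contents, 1, 16))];
    Log::write(UdpPayload::LOG, rec);
    }
```

Run it against a capture with `bro -r capture.pcap udp_payload.bro` (file name assumed) and a `udp_payload.log` appears beside `conn.log`. Enabling delivery for all UDP traffic adds a script-land event per datagram, so on a busy link restrict it to the ports of interest with the `udp_content_delivery_ports_*` tables rather than the `deliver_all` switches.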