type conversion

Hi Vern,
   I am monitoring the pm_getport event. If a suspicious remote host sends a
request to the monitored server and successfully gets the port # of a specific
rpc service, I would like to track all incoming traffic to this service. I need
the port # of the service for this purpose.

The way to get it is to define your own pm_request_getport event handler
(you can do this in addition to the normal one). See portmapper.bro
for how the default one works, from which you should be able to derive
an additional handler to do what you want.

    Vern
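
An added sketch of the kind of extra handler described in the reply above; it is not code from portmapper.bro or from either poster. The names `suspicious_hosts` and `watched_services` and the sample address are hypothetical, and the `pm_request_getport` signature is assumed to match the default handler in portmapper.bro, so check it against your installed version.

```bro
# Added example. Hypothetical names: suspicious_hosts, watched_services.

# Assumed: remote hosts already considered suspicious (constructed address).
const suspicious_hosts: set[addr] = { 192.0.2.10 } &redef;

# [server, service port] pairs learned from GETPORT replies.
# Entries expire so that a stale port mapping is not watched forever.
global watched_services: set[addr, port] &create_expire = 1 hr;

# Additional handler; it runs alongside the default one in portmapper.bro.
event pm_request_getport(r: connection, pr: pm_port_request, p: port)
	{
	if ( r$id$orig_h !in suspicious_hosts )
		return;

	# The portmapper answers GETPORT with port 0 when the program
	# is not registered, so there is nothing to track in that case.
	if ( port_to_count(p) == 0 )
		return;

	add watched_services[r$id$resp_h, p];
	print fmt("%s learned port %s on %s",
			r$id$orig_h, p, r$id$resp_h);
	}

# Report every new connection to a service port learned above.
event new_connection(c: connection)
	{
	if ( [c$id$resp_h, c$id$resp_p] in watched_services )
		print fmt("traffic to watched RPC service %s:%s from %s",
				c$id$resp_h, c$id$resp_p, c$id$orig_h);
	}
```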

I got it. Thanks.

Bing

Quoting Vern Paxson <vern@icir.org>: