Hi,
I am analyzing a pcap which contains some UDP packets. I have redefined both “udp_content_deliver_all_orig” and “udp_content_deliver_all_resp” as true, but no events are caught by “udp_request”, “upd_reply”, and “udp_contents”. However, I can use “packets_content” and “is_udp_port” to catch the udp communications.
Can these udp event handlers still be used?
Thanks and best,
Hui Lin
I am analyzing a pcap which contains some UDP packets. I have redefined
both "udp_content_deliver_all_orig" and "udp_content_deliver_all_resp" as
true, but no events are caught by "udp_request", "upd_reply", and
"udp_contents". However, I can use "packets_content" and "is_udp_port" to
catch the udp communications.
Do you have a copy of the actual script that you are using?
Trying the following on try.bro.org with exercise_traffic.pcap seems to
work fine: