udp_request and icmp_sent event handlers

Vern · May 8, 2005, 12:51am

I met a problem that event handlers udp_request, udp_reply, icmp_sent
doesn't work (i.e., they are not processed) when Bro read tcpdump data that
consist of udp and icmp packets. I did load udp and icmp analyzers. I noticed
that icmp_request and icmp_reply event handlers worked. Has anyone met
the same
problem?

udp.bro doesn't turn on a capture-all-UDP filter. So try adding

redef capture_filters += { ["all udp"] = "udp" };

- Vern

bchen · May 9, 2005, 3:12am

Hi Vern,
Thank you for your help. Yes, it works after I redef the capture_filters.
How about the icmp_sent event handler? Should the icmp_sent event handler see
all kinds of icmp packets?

Bing

Topic		Replies	Views
udp_request and icmp_sent event handlers Zeek	1	74	May 6, 2022
udp_request and icmp_sent event handlers Zeek	2	74	May 6, 2022
udp_request and icmp_sent event handlers Zeek	1	95	May 6, 2022
Questions About UDP Events in Bro Zeek	1	84	May 6, 2022
http_request event Zeek	4	113	May 6, 2022

udp_request and icmp_sent event handlers

Related topics