Hi TQ,
Thanks for the thoughts.
I tried as you suggested, but nothing changed when specifying 47808/udp. Below is what’s in the main.bro file - any thoughts are welcome and appreciated.
Also - what’s best practice for this mailing list when a conversation gets multiple threads going (you, Mauro, and Justin have all offered help)? Keep everyone’s thoughts/replies in one thread or break out into direct emails?
Aaron