- No printing! Use the reporter instead.
- Frameworks shouldn't cause any performance overhead merely by the act of loading them.
- If you really have to handle events outside of those generated by the module you're working on (like connection_established or connection_state_remove), triple-check your code: these events fire for every connection, so any cost in the handler is paid on all traffic.
# Echo requests awaiting a reply, keyed by connection id and ICMP sequence
# number; the value is the network time at which the request was seen.
# &create_expire drops each entry 3 seconds after it is inserted. Every echo
# request inserts an entry, so the table size follows the request rate the
# sensor sees over that 3-second window.
# NOTE(review): the key does not include the ICMP identifier `id`, so two echo
# streams that share a conn_id and seq share one entry. Confirm that is
# acceptable.
global watching_icmp: table[conn_id, count] of time &create_expire=3secs;

# Remember when this echo request was seen so a later reply can be matched to it.
event icmp_echo_request(c: connection, icmp: icmp_conn, id: count, seq: count, payload: string)
	{
	local seen_at = network_time();
	watching_icmp[c$id, seq] = seen_at;
	}
event icmp_echo_reply(c: connection, icmp: icmp_conn, id: count, seq: count, payload: string) | |
{ | |
if ( [c$id, seq] !in watching_icmp ) |
global my_table: table[count] of count = { }; | |
event bro_init() | |
{ | |
print val_size(my_table); | |
my_table[1] = 1; | |
my_table[2] = 2; | |
my_table[3] = 3; | |
print val_size(my_table); |
diff --git a/src/analyzer/protocol/icmp/ICMP.cc b/src/analyzer/protocol/icmp/ICM | |
index 732727d..43e961e 100644 | |
--- a/src/analyzer/protocol/icmp/ICMP.cc | |
+++ b/src/analyzer/protocol/icmp/ICMP.cc | |
@@ -100,8 +100,7 @@ void ICMP_Analyzer::DeliverPacket(int len, const u_char* dat | |
else if ( ip->NextProto() == IPPROTO_ICMPV6 ) | |
NextICMP6(current_timestamp, icmpp, len, caplen, data, ip); | |
else | |
- reporter->InternalError("unexpected next protocol in ICMP::Deliv | |
- |
# Keep the process running after input is exhausted; it exits only once
# terminate() is called.
redef exit_only_after_terminate = T;

module BroExchangeWatch;

export {
	# Notice type added by this module.
	redef enum Notice::Type += { Woo };
}
@load base/protocols/http | |
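# URL pattern to watch for; &redef lets site policy replace the default.
# Inside a pattern literal an unescaped "/" ends the literal, so the path
# separator in front of "test.php" is escaped. The "." is escaped as well so
# that it matches only a literal dot rather than any character.
const watchlist_url_patterns = /^.*\/test\.php\// &redef;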
# Extend the connection log record with an optional string field named
# content_disposition; &log writes it to the log whenever it is set.
# NOTE(review): presumably populated from HTTP headers by a handler in this
# script. Confirm, since the handler body is not visible here.
redef record Conn::Info += {
	content_disposition: string &optional &log;
};
event http_all_headers(c: connection, is_orig: bool, hlist: mime_header_list) | |
{ |
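Paste the following into http://certlogik.com/decoder/ to decode it. Only public material (a certificate or CSR) belongs in an online decoder, never a private key; `openssl x509 -noout -text -in FILE` decodes a certificate locally.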
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 |
#!/usr/bin/env bash | |
# Expected cluster layout: number of worker and proxy processes.
WORKER_COUNT=7
PROXY_COUNT=0

# CPU mask (list of CPU ids) for the default set.
DFLT_SET='0,1,9,10,11'

# Short host name, as printed by `hostname -s`.
# NOTE(review): HOSTNAME is also a variable bash sets itself; this assignment
# overrides it for the rest of the script.
HOSTNAME="$(hostname -s)"
diff --git a/scripts/base/protocols/ssh/main.bro b/scripts/base/protocols/ssh/main.bro | |
index cd20f4e..a8b784f 100644 | |
--- a/scripts/base/protocols/ssh/main.bro | |
+++ b/scripts/base/protocols/ssh/main.bro | |
@@ -108,6 +108,8 @@ function check_ssh_connection(c: connection, done: bool) | |
if ( c$ssh$done ) | |
return; | |
+ lookup_connection(c$id); | |
+ |
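# cwho ADDR: print DNS, GeoIP and Team Cymru whois details for one address.
#   $1  IP address or host name to look up.
# Returns 2 without running any lookup when the argument is empty, starts with
# "-" (the tools below would read it as an option) or contains whitespace.
# Otherwise returns the status of the final whois | grep pipeline.
# ADDR stays set in the calling shell, as in the original one-liner.
cwho () {
    ADDR=$1
    case "$ADDR" in
        ''|-*|*[[:space:]]*)
            printf 'usage: cwho ADDRESS\n' >&2
            return 2
            ;;
    esac
    # Quoted so the value always reaches each tool as exactly one argument.
    host "$ADDR"
    geoiplookup "$ADDR" | tail -n1
    # The flag string is the query sent to the Cymru whois server; grep drops
    # the header line that starts with "AS".
    whois -h whois.cymru.com -- "-p -c -n -r -u -e -w ${ADDR}" | grep -v "^AS"
}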