Extracting files from an HTTP trace with Bro

While this may be doable with Wireshark, it is orders of magnitude easier with Bro. Simply run it with your trace file (trace.pcap below stands for your own capture):

bro -r trace.pcap

This invocation generates a bunch of log files in the current directory. The one you are interested in is http.log. bro-cut selects the columns you name from that log; piping its output through awk keeps only the GET requests (method is the third column selected here, so the filter tests field 3):

bro-cut id.orig_h id.resp_h method host uri < http.log | awk '$3 == "GET"'

To pull the files themselves out of the trace, tell Bro which MIME types to extract. Slashes inside a Bro pattern literal have to be escaped:

bro -r trace.pcap 'HTTP::extract_file_types = /video\/avi/'

Bro sniffs the MIME type of each HTTP body and, if it matches the pattern, writes the body to a file whose name begins with the prefix http-item. You can change the prefix name by redefining the HTTP::extraction_prefix variable. Note that these two variables belong to the file-extraction script of Bro 2.0 and 2.1; Bro 2.2 replaced it with the file analysis framework (you attach Files::ANALYZER_EXTRACT to the files you want), and Bro has since been renamed Zeek, with bro-cut becoming zeek-cut.

Filtering SMTP traffic in Wireshark

SMTP is a text-based protocol designed to be limited to printable ASCII characters (extensions such as 8BITMIME later relaxed this for message content). A session is a sequence of request-response exchanges: the client sends one command line (EHLO, MAIL FROM, RCPT TO, DATA, QUIT) and the server answers with a reply whose first three characters are a numeric code: 2xx for success, 3xx for "go ahead", 4xx for a temporary failure and 5xx for a permanent one. SMTP traffic can be filtered in Wireshark using the built-in smtp filter:

smtp

Alternatively, users can filter for the ports commonly used by SMTP (25, 587 and 465):

tcp.port == 25 || tcp.port == 587 || tcp.port == 465

tcp.port matches either the source or the destination port, so both directions of a connection are kept. The port filter is the one to reach for when the dissector cannot label packets as smtp, which is the normal case on 465 (SMTP over implicit TLS) and after STARTTLS on 587: without the session keys Wireshark shows those packets as TLS, and the commands that precede the handshake are all you get to read.

Source IP Filter

A source filter restricts the packet view to packets whose source IP matches the address given:

ip.src == 192.168.1.1

Destination IP Filter

A destination filter can be applied to restrict the packet view in Wireshark to only those packets whose destination IP matches the address in the filter:

ip.dst == 192.168.1.1

ip.addr == 192.168.1.1 matches either field, which is what you want in order to see a whole conversation with one host.
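The bro-cut pipeline above selects columns from http.log and filters on the method column. The following Python is an added example, not code from the original page or from the Bro/Zeek project: it reads the Bro/Zeek TSV log format (the #fields and #unset_field header lines are real, the log content is a constructed, abbreviated http.log excerpt), selects the same five columns, and keeps only GET rows, treating the "-" unset marker the way bro-cut does.

```python
"""bro-cut in miniature: parse a Bro/Zeek TSV log, select columns, keep GETs."""

# Constructed http.log excerpt (not a real capture). Only a subset of the
# columns a real http.log carries, but the header lines follow the real format.
SAMPLE_HTTP_LOG = (
    "#separator \\x09\n"
    "#set_separator\t,\n"
    "#empty_field\t(empty)\n"
    "#unset_field\t-\n"
    "#path\thttp\n"
    "#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tmethod\thost\turi\n"
    "#types\ttime\tstring\taddr\tport\taddr\tport\tstring\tstring\tstring\n"
    "1358183131.321\tCXWv6p3arKYeMETxOg\t10.0.0.5\t51234\t93.184.216.34\t80\tGET\texample.com\t/index.html\n"
    "1358183132.005\tCUM0KZ3MLUfNB0cl11\t10.0.0.5\t51235\t93.184.216.34\t80\tPOST\texample.com\t/login\n"
    "1358183133.777\tC4J4Th3PJpwUYZZ6gc\t10.0.0.7\t40022\t203.0.113.9\t8080\tGET\tcdn.example.net\t/clip.avi\n"
    "1358183134.010\tCjhGID4nQcgTWjvg4c\t10.0.0.7\t40023\t203.0.113.9\t8080\t-\t-\t-\n"
    "#close\t2013-01-14-16-46-20\n"
)


def parse_log(text):
    """Return (field_names, rows). Rows are dicts; the unset marker becomes None."""
    fields, unset, rows = None, "-", []
    for line in text.splitlines():
        if not line:
            continue
        if line.startswith("#"):
            # Header lines: "#fields" names the columns, "#unset_field" the
            # marker for absent values (a hypothetical log might change it).
            key, _, value = line[1:].partition("\t")
            if key == "fields":
                fields = value.split("\t")
            elif key == "unset_field":
                unset = value
            continue
        if fields is None:
            raise ValueError("data line before #fields header")
        values = line.split("\t")
        if len(values) != len(fields):
            raise ValueError("expected %d columns, got %d: %r"
                             % (len(fields), len(values), line))
        rows.append({f: (None if v == unset else v) for f, v in zip(fields, values)})
    return fields, rows


def cut(rows, columns, method=None):
    """Emulate `bro-cut <columns> | awk '$N == "GET"'`: select the named
    columns and keep rows whose method equals `method` (None keeps every row)."""
    selected = []
    for row in rows:
        if method is not None and row.get("method") != method:
            continue
        selected.append(tuple(row.get(c) for c in columns))
    return selected


def format_rows(selected):
    """Render selected tuples the way bro-cut prints them: tabs, '-' for unset."""
    return ["\t".join("-" if v is None else v for v in row) for row in selected]


if __name__ == "__main__":
    _, rows = parse_log(SAMPLE_HTTP_LOG)
    columns = ["id.orig_h", "id.resp_h", "method", "host", "uri"]
    for line in format_rows(cut(rows, columns, "GET")):
        print(line)
```

The fourth sample row has no method at all (a body seen without a parsed request line); it is dropped by the GET filter rather than crashing the parser, which is the case a naive split-on-tab script usually gets wrong.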
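The request-response structure of SMTP described above, as an added example that is not part of the original page: a small parser that walks a constructed (not captured) SMTP session, checks that every byte is printable ASCII, decodes multi-line replies (the "250-" continuation form), and pairs each client command with the server's reply code. The session content and the host names in it are made up for the example.

```python
"""Pair SMTP commands with reply codes in a constructed session transcript."""
import re

# Constructed session (not a real capture): (side, raw bytes as sent).
SAMPLE_SESSION = [
    ("S", b"220 mail.example.com ESMTP ready\r\n"),
    ("C", b"EHLO client.example.org\r\n"),
    ("S", b"250-mail.example.com\r\n250-8BITMIME\r\n250 STARTTLS\r\n"),
    ("C", b"MAIL FROM:<alice@example.org>\r\n"),
    ("S", b"250 2.1.0 Ok\r\n"),
    ("C", b"RCPT TO:<bob@example.com>\r\n"),
    ("S", b"550 5.1.1 No such user\r\n"),
    ("C", b"QUIT\r\n"),
    ("S", b"221 2.0.0 Bye\r\n"),
]

# A reply line is a three-digit code, then '-' (more lines follow) or ' ' (last line).
REPLY_LINE = re.compile(rb"^(\d{3})([ -])(.*)$")


def is_printable_ascii(data):
    """SMTP commands and replies are 7-bit printable US-ASCII plus CR and LF."""
    return all(0x20 <= b <= 0x7E or b in (0x0D, 0x0A) for b in data)


def parse_reply(data):
    """Parse one (possibly multi-line) server reply into (code, [text lines])."""
    lines = data.split(b"\r\n")
    if lines[-1] != b"":
        raise ValueError("reply not CRLF-terminated")
    lines = lines[:-1]
    code, texts = None, []
    for idx, line in enumerate(lines):
        m = REPLY_LINE.match(line)
        if not m:
            raise ValueError("malformed reply line: %r" % line)
        this_code = int(m.group(1))
        if code is None:
            code = this_code
        elif this_code != code:
            raise ValueError("reply code changed mid-reply")
        last = idx == len(lines) - 1
        if (m.group(2) == b" ") != last:   # '-' on every line but the last
            raise ValueError("continuation marker disagrees with line position")
        texts.append(m.group(3).decode("ascii"))
    return code, texts


def pair_exchanges(session):
    """Return (greeting_code, [(command, reply_code), ...]) for the session."""
    greeting, exchanges, pending = None, [], None
    for side, data in session:
        if not is_printable_ascii(data):
            raise ValueError("non-ASCII byte in %s data: %r" % (side, data))
        if side == "S":
            code, _ = parse_reply(data)
            if pending is None:
                if greeting is not None:
                    raise ValueError("server reply with no outstanding command")
                greeting = code           # the 220 banner precedes any command
            else:
                exchanges.append((pending, code))
                pending = None
        else:
            if pending is not None:
                raise ValueError("second command before a reply (PIPELINING not handled)")
            pending = data.rstrip(b"\r\n").decode("ascii")
    return greeting, exchanges


if __name__ == "__main__":
    greeting, exchanges = pair_exchanges(SAMPLE_SESSION)
    print("banner:", greeting)
    for command, code in exchanges:
        print("%-32s -> %d" % (command, code))
```

The parser deliberately rejects a second command sent before the previous reply; real clients that negotiated PIPELINING do exactly that, so a capture with pipelined commands is the first thing to extend this for.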
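The smtp, tcp.port, ip.src, ip.dst and ip.addr filters above differ in one detail that trips people up: ip.addr and tcp.port match either end of the packet, while ip.src and ip.dst match exactly one. The following evaluator is an added example, not Wireshark code and not from the original page: it implements a small subset of display-filter syntax (field == value, bare protocol names, !, &&, || and parentheses) over a constructed packet list, with the packet model (one dict per packet plus the set of dissected protocols) assumed for the example.

```python
"""Toy evaluator for a subset of Wireshark display-filter syntax."""
import re

# Fields Wireshark defines as "either side" of the packet.
EITHER_SIDE = {
    "ip.addr": ("ip.src", "ip.dst"),
    "tcp.port": ("tcp.srcport", "tcp.dstport"),
}

# Constructed packets (not a real capture): SMTP on port 25 in both directions,
# a client hello on 465 (implicit TLS, so no smtp dissector), and an HTTP request.
PACKETS = [
    {"no": 1, "ip.src": "192.168.1.1", "ip.dst": "10.0.0.25",
     "tcp.srcport": 51000, "tcp.dstport": 25, "protocols": {"ip", "tcp", "smtp"}},
    {"no": 2, "ip.src": "10.0.0.25", "ip.dst": "192.168.1.1",
     "tcp.srcport": 25, "tcp.dstport": 51000, "protocols": {"ip", "tcp", "smtp"}},
    {"no": 3, "ip.src": "192.168.1.1", "ip.dst": "10.0.0.25",
     "tcp.srcport": 51001, "tcp.dstport": 465, "protocols": {"ip", "tcp", "tls"}},
    {"no": 4, "ip.src": "192.168.1.7", "ip.dst": "10.0.0.80",
     "tcp.srcport": 51002, "tcp.dstport": 80, "protocols": {"ip", "tcp", "http"}},
]

TOKEN = re.compile(r"\(|\)|==|&&|\|\||!|[^\s()]+")
OPERATORS = {"(", ")", "==", "&&", "||", "!"}


class Parser:
    """Recursive descent: or_expr > and_expr > unary (! / parentheses / term)."""

    def __init__(self, expr):
        self.toks = TOKEN.findall(expr)
        self.pos = 0

    def peek(self):
        return self.toks[self.pos] if self.pos < len(self.toks) else None

    def take(self):
        tok = self.peek()
        self.pos += 1
        return tok

    def parse(self):
        node = self.or_expr()
        if self.peek() is not None:
            raise ValueError("trailing tokens: %r" % self.toks[self.pos:])
        return node

    def or_expr(self):
        node = self.and_expr()
        while self.peek() == "||":
            self.take()
            node = ("or", node, self.and_expr())
        return node

    def and_expr(self):
        node = self.unary()
        while self.peek() == "&&":
            self.take()
            node = ("and", node, self.unary())
        return node

    def unary(self):
        tok = self.take()
        if tok == "!":
            return ("not", self.unary())
        if tok == "(":
            node = self.or_expr()
            if self.take() != ")":
                raise ValueError("missing ')'")
            return node
        if tok is None or tok in OPERATORS:
            raise ValueError("expected a field name, got %r" % tok)
        if self.peek() == "==":
            self.take()
            value = self.take()
            if value is None or value in OPERATORS:
                raise ValueError("missing value after '=='")
            return ("eq", tok, value)
        return ("present", tok)


def matches(node, pkt):
    kind = node[0]
    if kind == "or":
        return matches(node[1], pkt) or matches(node[2], pkt)
    if kind == "and":
        return matches(node[1], pkt) and matches(node[2], pkt)
    if kind == "not":
        return not matches(node[1], pkt)
    if kind == "present":          # bare name: that dissector ran on the packet
        return node[1] in pkt["protocols"]
    _, name, value = node          # "eq": true if ANY covered field equals value
    names = EITHER_SIDE.get(name, (name,))
    return any(str(pkt[n]) == value for n in names if n in pkt)


def apply_filter(expr, packets=PACKETS):
    """Return the packet numbers the display filter keeps."""
    tree = Parser(expr).parse()
    return [p["no"] for p in packets if matches(tree, p)]
```

Packet 3 is the practical lesson: the port filter keeps it, the smtp filter does not, because on 465 the dissector sees a TLS handshake, not SMTP commands.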