scan-NG icon indicating copy to clipboard operation
scan-NG copied to clipboard
verified publisher icon initconf

host-profiling.bro

Open binups opened this issue 8 years ago • 1 comments

how to test host-profiling.bro any pcap available , i tested setup but its not hitting anythink any specific way to do this ??

binups avatar Oct 04 '17 19:10 binups

Sorry, I didn't see this message until today.

host-profiling.bro works by identifying services on local_nets by tapping into connection_established even where a remote IP has a full SF to a local IP on a given port.

So if you have full connection pcap (example: a HTTP session to a local webserver by a remote IP) you should see a host-profiling hit.

In other words, to write a test, you need a local_nets IP accepting a remote IP connection. Let me know if you still see issues.

I will try to write btest for scan-NG package ! or you can email me with questions too at asharma @ lbl dot gov

initconf avatar Mar 23 '18 22:03 initconf