#857: Change capture port in HTTP analyzer from 3138/tcp instead of 3128/tcp ------------------------+--------------------- Reporter: aashish | Type: Problem Status: new | Priority: High Milestone: | Component: Bro Version: git/master | Keywords: ------------------------+--------------------- Port definitions in main.bro in ../share/bro/base/protocols/http/main.bro has 3138/tcp defined in structures "ports", "likely_server_ports" and "capture_filters" This should be 3128/tcp to capture traffic for squid proxy. Config below: # DPD configuration. const ports = { 80/tcp, 81/tcp, 631/tcp, 1080/tcp, 3138/tcp, 8000/tcp, 8080/tcp, 8888/tcp, }; redef dpd_config += { [[ANALYZER_HTTP, ANALYZER_HTTP_BINPAC]] = [$ports = ports], }; redef capture_filters += { ["http"] = "tcp and port (80 or 81 or 631 or 1080 or 3138 or 8000 or 8080 or 8888)" }; redef likely_server_ports += { 80/tcp, 81/tcp, 631/tcp, 1080/tcp, 3138/tcp, 8000/tcp, 8080/tcp, 8888/tcp, }; -- Ticket URL: <http://tracker.bro-ids.org/bro/ticket/857> Bro Tracker <http://tracker.bro-ids.org/bro> Bro Issue Tracker