zeek December 2002

zeek@lists.zeek.org

10 participants
22 discussions

Re: how to use Bro getting 41 features of a connect record

by Vern Paxson

> http://kdd.ics.uci.edu/databases/kddcup99/kddcup99.html > The author said Bro is modified to generate the 41 features, I > would preciated if someone is kind enough to give me some hints how > to do this. I am sure a event analyser and handler sould added to > Bro, but where, how and when to invoke the event handler. Presumably, yes, they wrote policy scripts, and perhaps also extended the event engine. But it seems you should ask the authors directly to get the details. Vern

19 years

about hash

by Wang Shaofu

Hi Looking for help! hash_t HashKey::HashBytes(const void* bytes, int size) const { const unsigned char* cp = (const unsigned char*) bytes; hash_t h = 0;//unsigned int for ( int i = 0; i < size; ++i ) // Overflow is okay here. h = (h >> 31) + (h << 1) + cp[i]; ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~This arithmetic make sure there is no collision???? return h; } Have a nice day! Ciao Cloud _________________________________________________________________ 享用世界上最大的电子邮件系统― MSN Hotmail。 http://www.hotmail.com

19 years

Re: about &

by Vern Paxson

> PQueue(SteppingStoneEndpoint)& OrderedEndpoints()//£¿£¿£¿ > ~~~What does this mean? I can not find > it in > standard C++. "PQueue(SteppingStoneEndpoint)" is actually a macro definition (defined in Queue.h) that refers to an instantiation of a generic type. In particular, it's definiing a pointer to a Queue, for which the elements of the queue are SteppingStoneEndpoint objects. If I had started writing Bro recently rather than quite a few years ago, I would have used templates instead. So "PQueue(SteppingStoneEndpoint)&" is a reference to such a pointer. Vern

19 years, 1 month

about &

by Wang Shaofu

Hi class SteppingStoneManager { public: SteppingStoneManager() { endp_cnt = 0; } PQueue(SteppingStoneEndpoint)& OrderedEndpoints()//？？？ ~~~What does this mean? I can not find it in standard C++. { return ordered_endps; } ...... } Thanks for your help Have a nice year; Ciao Cloud _________________________________________________________________ 免费下载 MSN Explorer: http://explorer.msn.com/lccn/

19 years, 1 month

how to use Bro getting 41 features of a connect record

by Anderson Lee

Hello! I am doing my research work in Intrusion Detection System. I read a paper about abnormal detection technique by CS Columbia University. An clustering algorithm is applied to cassify the normal and abnormal connections. Connections has higher level than packets which is used in snort, so connection can have less data size and more infomation. http://kdd.ics.uci.edu/databases/kddcup99/kddcup.names http://kdd.ics.uci.edu/databases/kddcup99/kddcup99.html The author said Bro is modified to generate the 41 features, I would preciated if someone is kind enough to give me some hints how to do this. I am sure a event analyser and handler sould added to Bro, but where, how and when to invoke the event handler. Thanks! Anderson Lee _________________________________________________________________ The new MSN 8: smart spam protection and 3 months FREE*. http://join.msn.com/?page=features/junkmail&xAPID=42&PS=47575&PI=7324&DI=74… http://www.hotmail.msn.com/cgi-bin/getmsg&HL=1216hotmailtaglines_smartspamp…

19 years, 1 month

how to use Bro getting 41 features of a connect record

by Anderson Lee

Hello! I am doing my research work in Intrusion Detection System. I read a paper about abnormal detection technique by CS Columbia University. An clustering algorithm is applied to cassify the normal and abnormal connections. Connections has higher level than packets which is used in snort, so connection can have less data size and more infomation. http://kdd.ics.uci.edu/databases/kddcup99/kddcup.names http://kdd.ics.uci.edu/databases/kddcup99/kddcup99.html The author said Bro is modified to generate the 41 features, I would preciated if someone is kind enough to give me some hints how to do this. I am sure a event analyser and handler sould added to Bro, but where, how and when to invoke the event handler. Thanks! Anderson Lee _________________________________________________________________ MSN 8 with e-mail virus protection service: 3 months FREE*. http://join.msn.com/?page=features/virus&xAPID=42&PS=47575&PI=7324&DI=7474&… http://www.hotmail.msn.com/cgi-bin/getmsg&HL=1216hotmailtaglines_eliminatev…

19 years, 1 month

Re: about collect packets

by Wang Shaofu

>Check for pcap_open_live in PktSrc.cc -- I think you'll find what >you're looking for there.... Great! Thanks a lot Have a nice day. Ciao Cloud _________________________________________________________________ 与联机的朋友进行交流，请使用 MSN Messenger: http://messenger.msn.com/cn

19 years, 1 month

Re: about collect packets

by Wang Shaofu

>There are other libpcap functions which Bro makes use of. Oh , it is pcap_next. Thanks a lot! Have a nice day. Ciao Cloud _________________________________________________________________ 免费下载 MSN Explorer: http://explorer.msn.com/lccn/

19 years, 1 month

about collect packets

by Wang Shaofu

Hi Marry christmas. I can't find out pcap_dispatch either pcap_loop in Bro. How does Bro collet packets ??? Have a nice year. Ciao Cloud _________________________________________________________________ 免费下载 MSN Explorer: http://explorer.msn.com/lccn/

19 years, 1 month

Re: about collect packets

by Eli Dart

Check for pcap_open_live in PktSrc.cc -- I think you'll find what you're looking for there.... --eli In reply to "Wang Shaofu" <wsffree(a)hotmail.com> : > Hi > > Marry christmas. > > I can't find out pcap_dispatch either pcap_loop in Bro. > How does Bro collet packets ??? > > Have a nice year. > Ciao > Cloud > > > _________________________________________________________________ > =C3=E2=B7=D1=CF=C2=D4=D8 MSN Explorer: http://explorer.msn.com/lccn/=20 >

19 years, 1 month

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

2003

2002

2001

2000

1999

1998

zeek December 2002