[
https://bro-tracker.atlassian.net/browse/BIT-1444?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=21968#comment-21968
]
Jimmy Jones commented on BIT-1444:
----------------------------------
Thanks, Seth. The Wireshark sample captures wiki has a few:
https://wiki.wireshark.org/SampleCaptures#IPsec_-_ESP_Payload_Decryption_and_Authentication_Checking_Examples
> Connection logging for ESP
> --------------------------
>
> Key: BIT-1444
> URL: https://bro-tracker.atlassian.net/browse/BIT-1444
> Project: Bro Issue Tracker
> Issue Type: New Feature
> Components: Bro
> Reporter: Jimmy Jones
> Assignee: Vlad Grigorescu
> Priority: Low
>
> I'd like to be able to track ESP (IPSec) connections in conn.log. Although
> ESP is encrypted, the ability to track volumes and pattern of life etc. would
> be beneficial when doing intrusion analysis.
_______________________________________________
bro-dev mailing list
http://mailman.icsi.berkeley.edu/mailman/listinfo/bro-dev