Software framework stores ports for server software.

scripts/policy/protocols/http/detect-webapps.bro

@@ -23,7 +23,7 @@ event signature_match(state: signature_state, msg: string, data: string) &priori
 	if ( /^webapp-/ !in state$sig_id ) return;
 	
 	local c = state$conn;
-	local si = Software::parse(msg, c$id$resp_h, WEB_APPLICATION);
+	local si = Software::parse_with_port(msg, c$id$resp_h, c$id$resp_p, WEB_APPLICATION);
 	si$url = build_url_http(c$http);
 	if ( c$id$resp_h in Software::tracked &&
 	     si$name in Software::tracked[c$id$resp_h] )

scripts/policy/protocols/http/software.bro

@@ -25,13 +25,13 @@ event http_header(c: connection, is_orig: bool, name: string, value: string) &pr
 	else
 		{
 		if ( name == "SERVER" )
-			Software::found(c$id, Software::parse(value, c$id$resp_h, SERVER));
+			Software::found(c$id, Software::parse_with_port(value, c$id$resp_h, c$id$resp_p, SERVER));
 		else if ( name == "X-POWERED-BY" )
-			Software::found(c$id, Software::parse(value, c$id$resp_h, APPSERVER));
+			Software::found(c$id, Software::parse_with_port(value, c$id$resp_h, c$id$resp_p, APPSERVER));
 		else if ( name == "MICROSOFTSHAREPOINTTEAMSERVICES" )
 			{
 			value = cat("SharePoint/", value);
-			Software::found(c$id, Software::parse(value, c$id$resp_h, APPSERVER));
+			Software::found(c$id, Software::parse_with_port(value, c$id$resp_h, c$id$resp_p, APPSERVER));
 			}
 		}
 	}

scripts/policy/protocols/ssh/software.bro

@@ -24,6 +24,6 @@ event ssh_server_version(c: connection, version: string) &priority=4
 	{
 	# Get rid of the protocol information when passing to the software framework.
 	local cleaned_version = sub(version, /SSH[0-9\.\-]{2,}/, "");
-	local si = Software::parse(cleaned_version, c$id$resp_h, SERVER);
+	local si = Software::parse_with_port(cleaned_version, c$id$resp_h, c$id$resp_p, SERVER);
 	Software::found(c$id, si);
 	}