on some peculiar alarms
Anton Chuvakin, Ph.D.
anton at netForensics.com
Thu Sep 25 15:22:35 PDT 2003
Since this list is the only forum on Bro, I will shoot my question here
(even not being sure whether its appropriate) :-)
I keep seing this alert - ContentGap - in HTTP and SMTP traffic. What does
it actually mean? I suspect reading the *.cc files is the only way to
really know it, but maybe somebody can explain it?
On anothet note, there seems to be a minor bug in dropped packet counting.
Here is what I got today:
1064520794.493349 DroppedPackets dropped 633 packets out of -692 received
Anton Chuvakin, Ph.D., GCIA, GCIH - http://www.info-secure.org
Senior Security Analyst
Product Management Group
netForensics - http://www.netForensics.com
More information about the Bro