on some peculiar alarms

Anton Chuvakin, Ph.D. anton at netForensics.com
Thu Sep 25 15:22:35 PDT 2003


Since this list is the only forum on Bro, I will shoot my question here
(even not being sure whether its appropriate) :-)

I keep seing this alert - ContentGap - in HTTP and SMTP traffic. What does
it actually mean? I suspect reading the *.cc files is the only way to
really know it, but maybe somebody can explain it?

On anothet note, there seems to be a minor bug in dropped packet counting.
Here is what I got today:

1064520794.493349 DroppedPackets dropped 633 packets out of -692 received

Anton Chuvakin, Ph.D., GCIA, GCIH - http://www.info-secure.org
Senior Security Analyst
Product Management Group
netForensics -  http://www.netForensics.com

More information about the Bro mailing list