[Bro] broccoli tests

Mike Muratet mike.muratet at torchtechnologies.com
Wed Jun 8 14:44:02 PDT 2005


I have been looking at broccoli debug output for broping and the related 
tcpdump files and bro logs. Using the timestamps I have followed the request 
to bro for 'ping' and I can see in the bro log that 'ping' was received. 
There's nothing in the logs about sending 'pong', and so far I haven't been 
able to locate that part of the bro code by grep'ing "ping". However, I can 
see in the tcpdump data that there is a response at the appropriate time 
(even if I don't understand the payload info). Looking at the broccoli 
output, it appears that it tries repeatedly to read a buffer in sets of 20 
attempts, and finally gives up. If you (or anyone on the list) can point me 
to the write part of bro, I'll look there to see if it's sending 'pong'.


