[Bro] broccoli tests
mike.muratet at torchtechnologies.com
Wed Jun 8 14:44:02 PDT 2005
I have been looking at brocolli debug output for broping and the related
tcpdump files and bro logs. Using the timestamps I have followed the request
to bro for 'ping' and I can see in the bro log that 'ping' was received.
There's nothing in the logs about sending 'pong', and so far I haven't been
able to locate that part of the bro code by grep'ing "ping". However, I can
see in the tcpdump data that there is a response at the appropriate time
(even if I don't understand the payload info). Looking at the broccoli
output, it appears that it tries repeatedly to read a buffer in sets of 20
attempts, and finally gives up. If you (or anyone on the list) can point me
to the write part of bro, I'll look there to see if it's sending 'pong'.
More information about the Bro