Christian Kreibich christian at whoop.org
Sun Jun 12 18:41:17 PDT 2005

Hi Mike,

after looking at this debugging output I can say for sure that the TCP
connection between broping and Bro got established successfully. broping
is starting up and beginning its part of the Bro-level connection
handshake, but it never receives anything from Bro: it tries to read
data until the handshake timeout goes off in which case it returns the

So we need to figure out why your Bro does not send anything back -- I
currently have no idea why that would be the case. Can you please build
Bro in debugging mode (--enable-debug at configure time), and run it
with "-B serial,comm" and send me all of the resulting Bro logs? Thanks.
On Tue, 2005-06-07 at 12:07 -0500, Mike Muratet wrote:
> Christian
> Following your advice, I have made broping or broping-record the start 
> policy and these load fine. (I'll sweat the startup issues later.) I have 
> tested all 4 combinations of broping/broping -r and broping/broping-record 
> (not really understanding the differences at this point). The debug output 
> is attached. Also attached is the tcpdump in case it's of any use.  I don't 
> see anything I recognize as a problem, but then again I have all the 
> expertise of a bag of hammers. ;-)
> Thanks
> Mike 


