[Bro] BRO gets Autorestarted or Killed

Christian Kreibich christian at whoop.org
Thu Jul 27 09:24:32 PDT 2006


On Thu, 2006-07-27 at 08:55 -0700, Anandraj wrote:
> Hi All,
> I'm facing a strange problem.
> I made some changes to the BRO code to detect Bittorrent traffic, a
> simple implementation of detecting traffic on port 6881.
> I was able to detect bittorrent pkts on port 6881 on a Linux desktop PC.
> When I moved the same code base to a transparent bridge kind of setup,
> where the bittorrent traffic passes through the bridge, I was facing
> some strange problems, like the bro process either gets restarted when
> it gets a packet (any packet) or the process gets killed when it gets a
> packet.

Please understand that in order for us to be able to help you, you'll
have to describe exactly what you mean by a transparent bridge "kind of"
setup, and how the main Bro process gets killed (by whom, is it a
segfault, etc). In terms of packet capture there's no technical
difference between running, say, tcpdump on an interface and Bro, so try
to see if that works well first.

