[Bro] Some results from basic testing of bro-1.4prerelease.
renaud.luca at gmail.com
Mon Sep 15 20:15:54 PDT 2008
Some facts derived from the testing of bro-1.4prerelease:
First, I run bro on a Debian Linux PPC workstation, which I use for
web browsing (ADSL connection) and offline use (for several purposes).
I capture the traffic with tcpdump and bro does the analysis of the
captured traffic. As only the related HTTP traffic services/ports
are enabled it's not an especially rich test. Anyway, I get a much
smaller number of weird events (I have never had more troublesome notices)
than when I do the analysis of the same files with bro-1.2.1.
As weird events are generally considered traffic that "should never
happen", shouldn't both versions signal approximately the same number
of weird events?
The compiling of bro-1.4prerelease on the above system (Debian testing)
was done normally; I got some compiler warnings, but at first sight
the usual harmless ones.
As I run both bro versions on the same files I got warnings like these:
line 1: run-time error: wrong data format, expected version 13 but got
line 1: run-time error: wrong data format, expected version 18 but got
It seems related to the use of both versions of bro in the same
When I do bro -r tcpdumpcapturefile backdoor.bro I get:
line 1: warning: event handlers never invoked:
line 1: warning: Drop::restore_dropped_address
When I do bro -r tcpdumpcapturefile I don't get the 2 above lines.