[Bro] Help: Bro for HDLC CISCO data link

vijay khadse vijay.m.khadse1979 at gmail.com
Sat Apr 10 07:09:49 PDT 2010


Hello all,
I am using Bro 1.5. When I was using Bro without support for the CISCO HDLC
data link type, I executed the command:

linux-oxtm:~ # bro -r /usr/local/bro/090500-0-anon.pcap /usr/local/bro/share/bro/synflood.bro

It gives me the following error.

  bro: problem with trace file /usr/local/bro/090500-0-anon.pcap - unknown data link type 0x68

After that, on the suggestion of my friend JUSTIN AZOFF, I made changes in
Src/Pktsrc.cc and added support. CISCO HDLC uses the offset 5 for data.

Then I executed the same command:
linux-oxtm:~ # bro -r /usr/local/bro/090500-0-anon.pcap /usr/local/bro/share/bro/synflood.bro

The previous error vanished, and I get different results. It is a long
listing, so I pasted a few lines.

weird: 1029340801.994057 non_IPv4_packet
weird: 1029340801.994062 non_IPv4_packet
weird: 1029340801.994066 non_IPv4_packet
weird: 1029340801.994071 non_IPv4_packet
weird: 1029340801.994077 non_IPv4_packet
weird: 1029340801.994085 non_IPv4_packet
weird: 1029340801.994091 non_IPv4_packet
weird: 1029340801.994107 non_IPv4_packet
weird: 1029340801.994110 non_IPv4_packet
weird: 1029340801.994112 non_IPv4_packet
weird: 1029340801.994127 non_IPv4_packet
weird: 1029340801.994134 non_IPv4_packet^C
1029340801.994134 received termination signal
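
An added example, not part of the original message or of Bro's source: a minimal C check for where the IPv4 header starts in a DLT_C_HDLC (0x68) frame, assuming the standard 4-byte Cisco HDLC header (address, control, 2-byte protocol). The function names and sample bytes are constructed for illustration; a frame read at the wrong offset fails the IPv4 version check.

```c
#include <stddef.h>
#include <stdint.h>

/* Link type from the pcap file header; 0x68 (104) is DLT_C_HDLC in libpcap. */
#define DLT_C_HDLC 0x68

/* Cisco HDLC framing: address (1), control (1), protocol (2, big-endian). */
#define CHDLC_HDR_LEN   4
#define CHDLC_UNICAST   0x0F
#define CHDLC_BROADCAST 0x8F
#define CHDLC_PROTO_IP  0x0800

/* IPv4 sanity check: the high nibble of the first header byte must be 4.
 * (Hypothetical helper; it mirrors the kind of test an analyzer applies.) */
int looks_like_ipv4(const uint8_t *pkt, size_t caplen, size_t off)
{
    return off < caplen && (pkt[off] >> 4) == 4;
}

/* Returns the offset of the IPv4 header in a Cisco HDLC frame, or -1 if the
 * frame is truncated, has an unexpected address byte, or carries something
 * other than IPv4 (for example SLARP keepalives, protocol 0x8035). */
int chdlc_ip_offset(const uint8_t *pkt, size_t caplen)
{
    if (caplen < CHDLC_HDR_LEN + 1)
        return -1;
    if (pkt[0] != CHDLC_UNICAST && pkt[0] != CHDLC_BROADCAST)
        return -1;
    uint16_t proto = (uint16_t)((pkt[2] << 8) | pkt[3]);
    if (proto != CHDLC_PROTO_IP)
        return -1;
    return looks_like_ipv4(pkt, caplen, CHDLC_HDR_LEN) ? CHDLC_HDR_LEN : -1;
}

/* Constructed sample frame: Cisco HDLC header + first bytes of an IPv4 header. */
static const uint8_t sample_frame[] = {
    0x0F, 0x00, 0x08, 0x00,             /* unicast, control 0, protocol IPv4 */
    0x45, 0x00, 0x00, 0x28, 0x12, 0x34, /* IPv4: version 4, IHL 5, length 40 */
    0x40, 0x00, 0x40, 0x06
};

/* Constructed SLARP keepalive header: valid Cisco HDLC, but not an IP packet. */
static const uint8_t sample_slarp[] = {
    0x8F, 0x00, 0x80, 0x35, 0x00, 0x00, 0x00, 0x02
};
```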