[Bro] Reassembly of IPv6 TCP streams
jmellander at lbl.gov
Tue Dec 6 14:56:53 PST 2011
As a workaround, the latest version of tcpflow 1.0.2 (
http://freecode.com/projects/tcpflow ) performs IPv6 session
reassembly into files. I had to hack it a bit to get it to work on
freebsd, but will be submitting the patches upstream.
On Mon, Dec 5, 2011 at 7:50 PM, Seth Hall <seth at icir.org> wrote:
> On Dec 5, 2011, at 7:20 PM, Jim Mellander wrote:
>> contents.bro performs session reconstruction of IPv4 traffic, but when
>> running Bro 1.5 contents.bro against an IPv6 packet trace, it creates
>> 0-length files, but doesn't extract the session contents to those
>> files. Is this in the works?
> That will be part of the work for 2.1. I'll file a ticket for that to make sure we look into it.
> Seth Hall
> International Computer Science Institute
> (Bro) because everyone has a network
More information about the Bro