[Bro] Reassembly of IPv6 TCP streams

Jim Mellander jmellander at lbl.gov
Tue Dec 6 14:56:53 PST 2011


As a workaround, the latest version of tcpflow 1.0.2 (
http://freecode.com/projects/tcpflow ) performs IPv6 session
reassembly into files.  I had to hack it a bit to get it to work on
freebsd, but will be submitting the patches upstream.


On Mon, Dec 5, 2011 at 7:50 PM, Seth Hall <seth at icir.org> wrote:
>
> On Dec 5, 2011, at 7:20 PM, Jim Mellander wrote:
>
>> contents.bro performs session reconstruction of IPv4 traffic, but when
>> running Bro 1.5 contents.bro against an IPv6 packet trace, it creates
>> 0-length files, but doesn't extract the session contents to those
>> files.  Is this in the works?
>
>
> That will be part of the work for 2.1.  I'll file a ticket for that to make sure we look into it.
>
>  .Seth
>
> --
> Seth Hall
> International Computer Science Institute
> (Bro) because everyone has a network
> http://www.bro-ids.org/
>




More information about the Bro mailing list