[Bro] truncated packets

Slagell, Adam J slagell at illinois.edu
Wed Aug 7 11:29:25 PDT 2013

You may try turning off the checksum verification.

On Aug 7, 2013, at 1:13 PM, Laleh Arshadi <la_arshadi at yahoo.com<mailto:la_arshadi at yahoo.com>>

Dear All,

I know that Bro can analyze offline traffic with its -r option but I wonder if it can analyze the traffic contains truncated packets? I remember a few years ago when I run old versions of Bro on the MAWI traffic, it didn't work properly since the packets were all truncated at 54 bytes. Maybe this has changed in the newer versions?

Bro mailing list
bro at bro-ids.org<mailto:bro at bro-ids.org>


Adam J. Slagell
Chief Information Security Officer
Sr. Research Scientist
National Center for Supercomputing Applications
University of Illinois at Urbana-Champaign

"Under the Illinois Freedom of Information Act (FOIA), any written communication to or from University employees regarding University business is a public record and may be subject to public disclosure."

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20130807/5ccc892e/attachment.html 

More information about the Bro mailing list