[Bro] truncated packets
Slagell, Adam J
slagell at illinois.edu
Wed Aug 7 11:29:25 PDT 2013
You may try turning off the checksum verification.
On Aug 7, 2013, at 1:13 PM, Laleh Arshadi <la_arshadi at yahoo.com<mailto:la_arshadi at yahoo.com>>
I know that Bro can analyze offline traffic with its -r option but I wonder if it can analyze the traffic contains truncated packets? I remember a few years ago when I run old versions of Bro on the MAWI traffic, it didn't work properly since the packets were all truncated at 54 bytes. Maybe this has changed in the newer versions?
Bro mailing list
bro at bro-ids.org<mailto:bro at bro-ids.org>
Adam J. Slagell
Chief Information Security Officer
Sr. Research Scientist
National Center for Supercomputing Applications
University of Illinois at Urbana-Champaign
"Under the Illinois Freedom of Information Act (FOIA), any written communication to or from University employees regarding University business is a public record and may be subject to public disclosure."
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Bro