[Bro] impossibly large packets
tray at 21ct.com
Mon Feb 11 12:41:09 PST 2013
Our current best guess is 1,766,926,155 bytes. That's clearly far above
the jumbo limit, or any other limit I can think of. When we try to open
that packet in Wireshark, it's corrupt, which I believe to be true.
How does Bro handle such a case? Does it understand that such a thing is
On 2/11/13 2:32 PM, "Seth Hall" <seth at icir.org> wrote:
>On Feb 11, 2013, at 3:14 PM, Tim Ray <tray at 21ct.com> wrote:
>> Does Bro have any way to handle corrupt packets that appear to be
>>impossibly large? When we get those in our setup, it hangs. Thanks.
>You're going to have to define "impossibly large". Could you also
>describe more what you mean when you say it hangs too?
>Just a pre-guess though… Do you have any NIC features enabled for
>extended packet handling?
>International Computer Science Institute
>(Bro) because everyone has a network