[Bro] HTTP not being seen

Seth Hall seth at icir.org
Sun Sep 15 18:50:18 PDT 2013

On Sep 14, 2013, at 5:04 AM, Keith Butler <kebutler at gmail.com> wrote:

> Option 1 would probably entail:
> If you are using broctl, in your broctl.cfg file add the line (then install and restart in broctl)?
> broargs = --no-checksums

I want to chime in here quickly.  Generally if you are running in BroControl it means that you are sniffing live traffic and probably in an environment where you want things to run correctly in which case you would *never* want to configure this option.  If packet have bad checksums, they generally should be dropped.


Seth Hall
International Computer Science Institute
(Bro) because everyone has a network

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 495 bytes
Desc: Message signed with OpenPGP using GPGMail
Url : http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20130915/51c65f12/attachment.bin 

More information about the Bro mailing list