[Bro] HTTP not being seen
seth at icir.org
Sun Sep 15 18:50:18 PDT 2013
On Sep 14, 2013, at 5:04 AM, Keith Butler <kebutler at gmail.com> wrote:
> Option 1 would probably entail:
> If you are using broctl, in your broctl.cfg file add the line (then install and restart in broctl)?
> broargs = --no-checksums
I want to chime in here quickly. Generally if you are running in BroControl it means that you are sniffing live traffic and probably in an environment where you want things to run correctly in which case you would *never* want to configure this option. If packet have bad checksums, they generally should be dropped.
International Computer Science Institute
(Bro) because everyone has a network
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 495 bytes
Desc: Message signed with OpenPGP using GPGMail
Url : http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20130915/51c65f12/attachment.bin
More information about the Bro