[Bro] Bro and myricom woes

Seth Hall seth at icir.org
Thu Aug 7 20:16:56 PDT 2014

On Aug 7, 2014, at 5:20 PM, Harry Hoffman <hhoffman at ip-solutions.net> wrote:

> Just curious, why does Bro break? Or what makes bro break?

Bro does deep packet inspection and if the packets are artificially cropped and Bro can't see all of the traffic there ends up being a lot of missed bytes in connections.  In order to correctly analyze many connections, all of the packet data needs to be there.

> Also, myricom needs to update some of their docs for v3 but all seems to still function just fine.

They actually added a feature we requested.  It should be possible to load balance traffic multiple times to multiple tools now.  We still need to adapt our Myricom broctl plugin to support the way that works.


Seth Hall
International Computer Science Institute
(Bro) because everyone has a network

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 495 bytes
Desc: Message signed with OpenPGP using GPGMail
Url : http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20140807/db877182/attachment.bin 

More information about the Bro mailing list