[Bro] resp_bytes bug
td66bshwu at gmail.com
Wed Feb 4 16:27:45 PST 2015
I've been using Bro a lot lately and recently I've started noticing some
weird connection sizes.
For instance a single connection may have a resp_bytes of over 1000GB,
far more than is possible given the circumstances.
Three weirdness notifications seem to pop up along with this error,
although not always all three at once. They are: SYN_seq_jump,
SYN_inside_connection, & TCP_ack_underflow_or_misorder.
I've managed to capture an instance of bug happening and have attached
the dump to this email.
If you run the dump through bro it should show a resp_bytes of almost
4GB for this connection, despite the capture only being a couple KB.
Could you please help me understand what is happening her and perhaps
fix the bug?
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 1966 bytes
Desc: not available
Url : http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20150205/88038fad/attachment.bin
More information about the Bro