[Bro] Bro and APCON

Josh Guild josh.guild at morphick.com
Thu Apr 7 11:39:18 PDT 2016


Hi all,

We have a few deployments that utilize an APCON for traffic aggregation.
We've noticed in these environments that Bro has trouble reassembling the
traffic correctly and there is a significant amount of capture loss (based
on the script). We've tried different hashing algorithms on the APCON to no
effect.

Has anyone else seen anything similar to this or have any insight?

Thanks!

-- 
Josh Guild
Network Intelligence Analyst
<https://twitter.com/stay_spooky> <https://keybase.io/joshuaguild>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20160407/bcaeba58/attachment.html 


More information about the Bro mailing list