[Bro] Bro Not Extracting Host Fields from HTTP Traffic
Azoff, Justin S
jazoff at illinois.edu
Tue Jul 12 09:29:19 PDT 2016
> On Jul 12, 2016, at 12:26 PM, Arash Fallah <af7 at umbc.edu> wrote:
> Thanks Justin, that was the problem.
> I have two follow-up questions. Can a NIC card handle calculating checksums for all packets instead of offloading to the CPU or would disabling offloading result in dropped packets? Is it preferable to have Bro ignore the checksums instead?
> I understand this is a general question but I'm having trouble benchmarking a 10Gb/s capture card.
This is only an issue when you are running Bro on the same machine that is generating the traffic. Hook up Bro to a tap or a SPAN port and the checksums will be correct.
- Justin Azoff
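
The effect described in the reply, as an added example that is not part of the original message: a TCP checksum validator run over two constructed copies of the same HTTP request, one as a tap or SPAN port would see it and one as a capture on the sending host would see it before the NIC fills in the checksum. The addresses, ports, payload and the stand-in wrong checksum value are all constructed assumptions.

```python
import socket
import struct

SRC, DST = "192.0.2.10", "198.51.100.20"  # constructed documentation addresses
PAYLOAD = b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"  # constructed request

def fold_sum(data: bytes) -> int:
    """16-bit ones-complement sum used by the TCP checksum (RFC 1071)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total

def pseudo_header(src: str, dst: str, seg_len: int) -> bytes:
    # IPv4 pseudo-header: source, destination, zero byte, protocol 6 (TCP), TCP length
    return socket.inet_aton(src) + socket.inet_aton(dst) + struct.pack("!BBH", 0, 6, seg_len)

def tcp_segment(payload: bytes, checksum: int = 0) -> bytes:
    # Ports 40000 -> 80, seq 1, ack 0, 20-byte header, PSH|ACK, window 65535
    return struct.pack("!HHIIBBHHH", 40000, 80, 1, 0, 0x50, 0x18, 65535, checksum, 0) + payload

def tcp_checksum(src: str, dst: str, segment: bytes) -> int:
    """Checksum a sender (or its NIC) must place in a segment whose field is zero."""
    return ~fold_sum(pseudo_header(src, dst, len(segment)) + segment) & 0xFFFF

def checksum_ok(src: str, dst: str, segment: bytes) -> bool:
    """Receiver-side check: the sum including the checksum field folds to 0xFFFF."""
    return fold_sum(pseudo_header(src, dst, len(segment)) + segment) == 0xFFFF

def sample_captures() -> dict:
    correct = tcp_checksum(SRC, DST, tcp_segment(PAYLOAD))
    return {
        # What a tap or SPAN port sees: the checksum is already final.
        "tap_or_span": tcp_segment(PAYLOAD, correct),
        # Constructed stand-in for a capture on the sending host with TX
        # checksum offload, where the field is not yet the final value.
        "sending_host": tcp_segment(PAYLOAD, correct ^ 0x0001),
    }

def audit(captures: dict) -> dict:
    return {name: checksum_ok(SRC, DST, seg) for name, seg in captures.items()}

if __name__ == "__main__":
    for name, ok in audit(sample_captures()).items():
        print(f"{name:13s} checksum {'valid' if ok else 'INVALID'}")
```

A sensor that validates checksums treats the second segment as corrupt, which is why the HTTP Host field never appears when monitoring on the machine that generates the traffic.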