[Bro] Bro - File Extraction

Mehmet LEBLEBİCİ mehmetleb at gmail.com
Wed May 11 01:41:01 PDT 2016

Hello all,

I am using Bro 2.4.1 and want to extract files seen in the network traffic.
For this I loaded the extract-all-files.bro script in local.bro. However, it
does not completely extract files. It seems it stops extracting after some
point. This occurs for all file types. I looked at the files.log file and
see that the total_bytes and seen_bytes fields are not the same. I also checked
the extract file size limit and there is no problem with that. Also, when I
save the traffic into a pcap file and issue bro -Cr pcapFile.pcap
...../extract-all-files.bro, it extracts files successfully. However, it
cannot do so in the current/logs/extractFiles directory. I am kind of new to
Bro and I have been stuck with this problem for about a week. So, any help will be

Thanks in advance,

Mehmet Leblebici
