[Bro] capture loss vs dropped packets
reswob10 at gmail.com
Wed Aug 16 12:36:50 PDT 2017
According to the following:
I can get capture loss notices when an bro isn't getting all the acks from
an upstream device (network tap, wrongly configured ethernet port, etc)
which is different from dropped packets which is when bro can't process all
the packets it sees.
So in my environment, I'm getting entries in the capture-loss.log, but I'm
not getting any corresponding entries in my notice.log.
Does this mean that I'm seeing Capture Loss without Dropped Packets? and
that it's caused by a device upstream to Bro?
Craig L Bowser
This email is measured by size. Bits and bytes may have settled during
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Bro