[Bro] capture loss vs dropped packets

craig bowser reswob10 at gmail.com
Wed Aug 16 12:36:50 PDT 2017

According to the following:


I can get capture loss notices when Bro isn't getting all the ACKs from
an upstream device (network tap, wrongly configured Ethernet port, etc.),
which is different from dropped packets, which is when Bro can't process all
the packets it sees.

So in my environment, I'm getting entries in the capture-loss.log, but I'm
not getting any corresponding entries in my notice.log.


Does this mean that I'm seeing Capture Loss without Dropped Packets, and
that it's caused by a device upstream of Bro?


Craig L Bowser

This email is measured by size.  Bits and bytes may have settled during