[Bro] Extract files not authentic copy of file
ambros.novak.89 at gmail.com
Thu Feb 22 18:32:31 PST 2018
Thank you Seth and Vern.
I’m unsure whether any packets are being dropped. How would I check if packets are being dropped?
Would dropped packets also have duplicated streams? I’m seeing the same text repeated anywhere from 2-4 times in extracted files.
I’m looking at PDF, EXE, and various MS Office files.
On Feb 22, 2018, at 8:14 PM, Vern Paxson <vern at corelight.com> wrote:
>> Are you having any trouble with dropped packets? If you are dropping a
>> lot of packets, it's possible for your extracted files to be
> Along with that, another possibility is that the host does some transformation
> before storing the file. What types of files are these?