[Bro-Dev] Should Bro Ignore PCAP Checksums by Default?

Seth Hall seth at icir.org
Tue Jun 18 07:10:25 PDT 2013

On Jun 10, 2013, at 10:58 AM, Robin Sommer <robin at icir.org> wrote:

> Current git gives a warning when Bro believes that your packets
> generally have incorrect checksums and you should hence use -C. I'm
> hoping that will point people into the right direction more quickly.
> However, I think I also wouldn't object to changing the default, as it
> indeed has become a very common problem these days.

I think we should keep the default with strict checksum checking, especially now that we have the new script that tells users if they seem to have invalid checksums.  I would rather push people down the right path as much as possible.


Seth Hall
International Computer Science Institute
(Bro) because everyone has a network

More information about the bro-dev mailing list