[Bro-Dev] Should Bro Ignore PCAP Checksums by Default?

Seth Hall seth at icir.org
Tue Jun 18 07:10:25 PDT 2013


On Jun 10, 2013, at 10:58 AM, Robin Sommer <robin at icir.org> wrote:

> Current git gives a warning when Bro believes that your packets
> generally have incorrect checksums and you should hence use -C. I'm
> hoping that will point people into the right direction more quickly.
> 
> However, I think I also wouldn't object to changing the default, as it
> indeed has become a very common problem these days.


I think we should keep the default with strict checksum checking, especially now that we have the new script that tells users if they seem to have invalid checksums.  I would rather push people down the right path as much as possible.

  .Seth

--
Seth Hall
International Computer Science Institute
(Bro) because everyone has a network
http://www.bro.org/
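
An added illustration, not part of the original message and not Bro's own script: the kind of check the thread describes, where checksums are verified strictly and a warning pointing at -C is raised only when most packets in a capture fail. It covers the IPv4 header checksum only; the 0.5 threshold, the function names and the sample headers are assumptions constructed for this sketch.

```python
import struct

WARN_THRESHOLD = 0.5  # assumption for this sketch; Bro's real cutoff is not given here

def fold(total: int) -> int:
    """Fold carries back in for a 16-bit one's-complement sum (RFC 1071)."""
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total

def ipv4_checksum_ok(header: bytes) -> bool:
    """A valid header sums to 0xFFFF when the checksum field is included."""
    if len(header) < 20 or len(header) % 2:
        return False
    words = struct.unpack(f"!{len(header) // 2}H", header)
    return fold(sum(words)) == 0xFFFF

def build_header(ident: int, fill_checksum: bool) -> bytes:
    """Constructed 20-byte IPv4/TCP header between documentation addresses."""
    src, dst = bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7])
    hdr = bytearray(struct.pack("!BBHHHBBH4s4s",
                                0x45, 0, 40, ident, 0, 64, 6, 0, src, dst))
    if fill_checksum:
        csum = ~fold(sum(struct.unpack("!10H", hdr))) & 0xFFFF
        struct.pack_into("!H", hdr, 10, csum)
    return bytes(hdr)

def invalid_fraction(headers) -> float:
    headers = list(headers)
    if not headers:
        return 0.0
    return sum(not ipv4_checksum_ok(h) for h in headers) / len(headers)

def should_warn(headers) -> bool:
    """True when most headers fail, i.e. the capture as a whole looks unverified."""
    return invalid_fraction(headers) > WARN_THRESHOLD

# Constructed samples: one capture where 9 of 10 checksums were never filled in,
# one where a single header is bad.
MOSTLY_BAD = [build_header(i, fill_checksum=(i == 0)) for i in range(10)]
MOSTLY_GOOD = [build_header(i, fill_checksum=(i != 0)) for i in range(10)]

if __name__ == "__main__":
    for name, capture in (("MOSTLY_BAD", MOSTLY_BAD), ("MOSTLY_GOOD", MOSTLY_GOOD)):
        print(name, invalid_fraction(capture), "warn" if should_warn(capture) else "ok")
```

A single bad header in an otherwise clean capture stays below the threshold, so strict checking still discards that packet without suggesting -C.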



