[Bro-Dev] [JIRA] (BIT-1119) topic/jsiwek/tcp-improvements

Seth Hall (JIRA) jira at bro-tracker.atlassian.net
Wed Jan 29 09:02:58 PST 2014


     [ https://bro-tracker.atlassian.net/browse/BIT-1119?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Seth Hall updated BIT-1119:
---------------------------

    Attachment: signature.asc



We could probably do it similarly to how we're doing the detection of invalid checksums by sampling weirds for a little bit.  I also like this approach a lot.  I think that keeping the default settings of Bro working "correctly" in the normal case is good, but it's awesome to be able to notify people when things are failing and how they could fix it.



> topic/jsiwek/tcp-improvements
> -----------------------------
>
>                 Key: BIT-1119
>                 URL: https://bro-tracker.atlassian.net/browse/BIT-1119
>             Project: Bro Issue Tracker
>          Issue Type: Improvement
>          Components: Bro
>    Affects Versions: git/master
>            Reporter: Jon Siwek
>             Fix For: 2.3
>
>         Attachments: signature.asc
>
>
> This branch is in the bro, bro-testing, and bro-testing-private repos and has a few changes to improve reporting of TCP connection sizes and gaps (commit messages explain in more detail).
> The baseline changes in the external repos all seemed reasonable/explainable (or actually fix a problem).  There's too much changed to go through case-by-case and actually check things, but I did do closer examinations of unique differences as I came across them (e.g. try to corroborate Bro results via wireshark).  Then for those that seem to follow the same trend as something I already inspected, I wouldn't manually check.



--
This message was sent by Atlassian JIRA
(v6.2-OD-07-028#6211)


More information about the bro-dev mailing list