[Bro-Dev] [JIRA] (BIT-1247) Missing packet in HTTP byte ranges request stops processing

Jimmy Jones (JIRA) jira at bro-tracker.atlassian.net
Thu Sep 11 13:49:07 PDT 2014


    [ https://bro-tracker.atlassian.net/browse/BIT-1247?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18015#comment-18015 ] 

Jimmy Jones commented on BIT-1247:
----------------------------------

Tested and looks good! Will try and do some more testing next week and raise anything I find.

> Missing packet in HTTP byte ranges request stops processing
> -----------------------------------------------------------
>
>                 Key: BIT-1247
>                 URL: https://bro-tracker.atlassian.net/browse/BIT-1247
>             Project: Bro Issue Tracker
>          Issue Type: Problem
>          Components: Bro
>    Affects Versions: git/master
>         Environment: CentOS 6
>            Reporter: Jimmy Jones
>         Attachments: byteranges-hole1.trace
>
>
> I've created the attached file from one in the testing framework, but with packet #8 removed. The missing packet is in the middle of a MIME part and doesn't straddle any MIME boundaries. However, with the packet removed, the file output by the file analysis framework only contains the data up until the missing packet. As the missing packet didn't include any MIME boundaries, I wouldn't expect this behavior.
> Used the following Bro script:
> event file_new(f: fa_file)
>     {
>     Files::add_analyzer(f, Files::ANALYZER_EXTRACT, [$extract_filename=f$id]);
>     }



--
This message was sent by Atlassian JIRA
(v6.4-OD-04-006#64001)

