[Bro-Dev] [JIRA] (BIT-1255) TCP reassembly issue
Jimmy Jones (JIRA)
jira at bro-tracker.atlassian.net
Thu Sep 18 07:22:07 PDT 2014
Jimmy Jones created BIT-1255:
--------------------------------
Summary: TCP reassembly issue
Key: BIT-1255
URL: https://bro-tracker.atlassian.net/browse/BIT-1255
Project: Bro Issue Tracker
Issue Type: Problem
Components: Bro
Affects Versions: 2.3, git/master
Environment: CentOS 6
Reporter: Jimmy Jones
Attachments: out.pcap
Been testing bro with some messy (but valid) TCP streams, using docker and netem (happy to upload a gist if people are interested).
The attached file reassembles correctly in wireshark, but bro only gives the first 4069 bytes when extracted with the file analysis framework, and obviously the wrong hash (md5 is the URI).
--
This message was sent by Atlassian JIRA
(v6.4-OD-05-008#64003)
More information about the bro-dev
mailing list