[Bro-Dev] [JIRA] (BIT-1257) Same file id generated for potentially different files
Jimmy Jones (JIRA)
jira at bro-tracker.atlassian.net
Mon Sep 22 02:15:07 PDT 2014
Jimmy Jones created BIT-1257:
--------------------------------
Summary: Same file id generated for potentially different files
Key: BIT-1257
URL: https://bro-tracker.atlassian.net/browse/BIT-1257
Project: Bro Issue Tracker
Issue Type: Problem
Components: Bro
Affects Versions: 2.3, git/master
Environment: CentOS 6
Reporter: Jimmy Jones
Attachments: fa.bro, sample-samefileid.pcap
Attached sample contains two HTTP downloads of the same URL from the same client, but there are no guarantees that the files is actually the same (no Etags etc - in this case it actually is the same, but lets pretend they were different...). However the file analysis framework seems to give the same file ID in file_name and file_chunk for both downloads.
Think this is something to do with Range requests as doesn't happen if do "normal" HTTP requests.
--
This message was sent by Atlassian JIRA
(v6.4-OD-05-009#64003)
More information about the bro-dev
mailing list