[Bro-Dev] Find filtered traces?

Seth Hall seth at icir.org
Mon Jun 22 13:50:13 PDT 2015


I’ve been noticing this message...

1232039469.548925 warning in ~/bro/scripts/base/misc/find-filtered-trace.bro, line 48: The analyzed trace file was determined to contain only TCP control packets, which may indicate it's been pre-filtered.  By default, Bro reports the missing segments for this type of trace, but the 'detect_filtered_trace' option may be toggled if that's not desired.

I haven’t looked at the script yet, but I’ve seen it often enough with traces that I generally think of as “normal” that I suspect there is something buggy in the script.  Anyone have any ideas?

  .Seth

--
Seth Hall
International Computer Science Institute
(Bro) because everyone has a network
http://www.bro.org/
