[Bro-Dev] [JIRA] (BIT-1255) TCP reassembly issue

Jon Siwek (JIRA) jira at bro-tracker.atlassian.net
Mon Mar 16 11:15:00 PDT 2015


    [ https://bro-tracker.atlassian.net/browse/BIT-1255?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=19963#comment-19963 ] 

Jon Siwek commented on BIT-1255:
--------------------------------

If anyone has arguments against increasing the default values of tcp_max_above_hole_without_any_acks and tcp_max_initial_window for 2.4, let me know, else I'll be doing the change.

> TCP reassembly issue
> --------------------
>
>                 Key: BIT-1255
>                 URL: https://bro-tracker.atlassian.net/browse/BIT-1255
>             Project: Bro Issue Tracker
>          Issue Type: Problem
>          Components: Bro
>    Affects Versions: git/master, 2.3
>         Environment: CentOS 6
>            Reporter: Jimmy Jones
>            Assignee: Jon Siwek
>             Fix For: 2.4
>
>         Attachments: out.pcap
>
>
> Been testing Bro with some messy (but valid) TCP streams, using Docker and netem (happy to upload a gist if people are interested).
> The attached file reassembles correctly in Wireshark, but Bro only gives the first 4069 bytes when extracted with the file analysis framework, and obviously the wrong hash (MD5 is the URI).


