[Bro-Dev] [JIRA] (BIT-1538) capture loss and notice of `Conn::Content_Gap` are too many
LiJinmiao (JIRA)
jira at bro-tracker.atlassian.net
Sat Feb 20 17:57:00 PST 2016
[ https://bro-tracker.atlassian.net/browse/BIT-1538?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=24207#comment-24207 ]
LiJinmiao commented on BIT-1538:
--------------------------------
Oh, I'm sorry for my behaviour.
Thanks for you help
> capture loss and notice of `Conn::Content_Gap` are too many
> ------------------------------------------------------------
>
> Key: BIT-1538
> URL: https://bro-tracker.atlassian.net/browse/BIT-1538
> Project: Bro Issue Tracker
> Issue Type: Problem
> Components: Bro
> Affects Versions: 2.4
> Environment: Dell R620
> Ubuntu 14.04.04 Server LTS + kde desktop
> pf_ring 6.2.0
> bro 2.4 with pf_ring
> Reporter: LiJinmiao
> Priority: High
> Labels: analyzer
> Attachments: capture_loss.log, files.log, http.log, notice.log, prof.log, reporter.log, stats.log, weird.log
>
>
> I use the bro to extract files from http stream.
> I installed bro with source code on ubuntu server 14.04. And I want to use virtual machine sandbox based on VirtualBox, so I installed desktop finally.
> My installation document is `https://www.bro.org/sphinx/configuration/index.html#installing-pf-ring`. But I didn't start bro by `broctl`. I just started bro with command `bro -i eth0 filextraction.bro`. And there are too many packet loss.
> Then I test the bro on another machine that has the same environment without desktop. And there is no packet loss.
> So I'm confused.
> By the way, the driver of nic is `igb`.
> And I can't understand the document of `https://www.bro.org/documentation/faq.html#how-can-i-reduce-the-amount-of-captureloss-or-dropped-packets-notices` clearly.
> Thanks for any help.
--
This message was sent by Atlassian JIRA
(v7.2.0-OD-01-031#72000)
More information about the bro-dev
mailing list