HeartBeat: pcap_stats
ashley thomas
athomas at unity.ncsu.edu
Tue Jul 3 20:17:31 PDT 2001
Hi,
I am running bro.0.7a48 on OpenBSD 2.8.
The HeartBeat received packets is not correct. I think it is bacause
the pcap_stats call which the HeartBeat function makes is returning
the wrong values.
I wanted to confirm this so i ran bro as :
../bro -f "port imap" -i xl0 mt
(the network traffic did not have any imap traffic) but still the received
packets was showing the total number of packets originally on the network.
This problem is not there when i run bro on Linux (2.2.16)
On linux it gives the correct received packets (but linux has
a bug that it always returns the dropped packets as 0)
Has anyone seen this problem before. Any fixes/suggestions.
thanks a lot
-Ashley
More information about the Bro
mailing list