about NLANR

Vern Paxson vern at icir.org
Mon Jun 2 23:39:52 PDT 2003


>    I used the trace file from NLANR to test Bro. But Bro does nothing but 
> report
> bad checksum.

That's because those traces don't have any packet contents.

> What should I do , to make trace file available to Bro?

You should first consider whether it will be useful to analyze them with
Bro, given a lack of contents.

If so, then "redef ignore_checksums = T" will turn off the checksum tests.

		Vern



More information about the Bro mailing list