about NLANR

Wang Shaofu wsffree at hotmail.com
Thu Jun 5 03:19:57 PDT 2003


> > I used the trace file from NLANR to test Bro. But Bro does nothing but
> > report bad checksum.
>
>That's because those traces don't have any packet contents.

But the checksum function does not seem to check the checksum of the contents,
just the packet head.

>
> > What should I do to make the trace file available to Bro?
>
>You should first consider whether it will be useful to analyze them with
>Bro, given a lack of contents.

I see that stepping.bro uses the ON/OFF algorithm when it reports "time".
I have a novel way to detect connection pairs! And I want to compare my
algorithm with the ON/OFF. :)

>
>If so, then "redef ignore_checksums = T" will turn off the checksum tests.

Have a nice day!
-- cloud
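
Added example, not part of the thread and not Bro's code: per RFC 791 and RFC 793 the IPv4 header checksum covers only the IP header, while the TCP checksum covers a pseudo-header, the TCP header and the payload, so a capture cut down to headers can pass the first check and fail the second. The addresses, ports and payload below are constructed sample values, and the function names are illustrative.

```python
import struct

def inet_checksum(data: bytes) -> int:
    """RFC 1071 ones'-complement sum of 16-bit words, complemented."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_packet(src: bytes, dst: bytes, payload: bytes) -> bytes:
    """Build a constructed IPv4/TCP packet with valid checksums."""
    tcp = struct.pack("!HHIIBBHHH", 1025, 23, 1000, 2000, 5 << 4, 0x18, 8192, 0, 0)
    pseudo = src + dst + struct.pack("!BBH", 0, 6, len(tcp) + len(payload))
    tcp_sum = inet_checksum(pseudo + tcp + payload)
    tcp = tcp[:16] + struct.pack("!H", tcp_sum) + tcp[18:]
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp) + len(payload),
                     1, 0, 64, 6, 0, src, dst)
    ip = ip[:10] + struct.pack("!H", inet_checksum(ip)) + ip[12:]
    return ip + tcp + payload

def verify_captured(packet: bytes) -> tuple:
    """Return (ip_ok, tcp_ok) for a possibly truncated IPv4/TCP capture."""
    ihl = (packet[0] & 0x0F) * 4
    total_len = struct.unpack("!H", packet[2:4])[0]
    # The IP checksum needs only the IP header bytes.
    ip_ok = inet_checksum(packet[:ihl]) == 0
    # The TCP checksum uses the on-the-wire length, so missing payload
    # bytes make the sum come out wrong.
    pseudo = packet[12:20] + struct.pack("!BBH", 0, 6, total_len - ihl)
    tcp_ok = inet_checksum(pseudo + packet[ihl:]) == 0
    return ip_ok, tcp_ok

# Constructed sample data
SRC, DST = bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2])
FULL = build_packet(SRC, DST, b"login: root\r\n")
HEADERS_ONLY = FULL[:40]  # what a header-only trace would retain

if __name__ == "__main__":
    print("full capture   :", verify_captured(FULL))
    print("headers only   :", verify_captured(HEADERS_ONLY))
```
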
