about NLANR
David Moore
dmoore at caida.org
Thu Jun 5 09:18:08 PDT 2003
On Thu, Jun 05, 2003 at 06:19:57PM +0800, Wang Shaofu wrote:
>
> >> I used the trace file from NLANR to test Bro. But Bro does nothing
> but
> >> report
> >> bad checksum.
> >
> >That's because those traces don't have any packet contents.
>
> But the checksum function seems do not check the checksum of contents,
> just the packet head.
the nlanr traces anonymize the ip addresses but do not update the
ip header checksum to reflect that change, so the checksum check will
fail in general.
-- david moore
More information about the Bro
mailing list