[Bro] broccoli tests
Christian Kreibich
christian at whoop.org
Sun Jun 12 18:41:17 PDT 2005
Hi Mike,
after looking at this debugging output I can say for sure that the TCP
connection between broping and Bro got established successfully. broping
is starting up and beginning its part of the Bro-level connection
handshake, but it never receives anything from Bro: it tries to read
data until the handshake timeout goes off in which case it returns the
failure.
So we need to figure out why your Bro does not send anything back -- I
currently have no idea why that would be the case. Can you please build
Bro in debugging mode (--enable-debug at configure time), and run it
with "-B serial,comm" and send me all of the resulting Bro logs? Thanks.
On Tue, 2005-06-07 at 12:07 -0500, Mike Muratet wrote:
> Christian
>
> Following your advice, I have made broping or broping-record the start
> policy and these load fine. (I'll sweat the startup issues later.) I have
> tested all 4 combinations of broping/broping -r and broping/broping-record
> (not really understanding the differences at this point). The debug output
> is attached. Also attached is the tcpdump in case it's of any use. I don't
> see anything I recognize as a problem, but then again I have all the
> expertise of a bag of hammers. ;-)
>
> Thanks
>
> Mike
Cheers,
Christian.
--
________________________________________________________________________
http://www.cl.cam.ac.uk/~cpk25
http://www.whoop.org
More information about the Bro
mailing list