[Bro] http_request event
bchen at cs.ucf.edu
Sun Jun 19 20:22:18 PDT 2005
Hi Vern,
You are right. The machine where Bro is running generated BAD_TCP_Checksum
packets. This is why I didn't see any TCP traffic sent by this machine. Which
part do you think causes this checksum problem: the IC card or the system
driver? This machine runs Fedora 3. Although it has this problem, I have used
it for a long time without any trouble. It seems the Fedora system and the
Mozilla Firefox browser ignore this checksum problem.
Thank you for your help.
Bing
Quoting Vern Paxson <vern at icir.org>:
> The next step is to record the traffic with tcpdump -w (using a snapshot
> of -s 0 to capture entire packets) and then run bro against the trace using
> bro -r trace rather than running it live. If it doesn't log any HTTP
> session information, look at the trace using tcpdump -v -v to see whether
> it *contains* any tcpdump traffic, and whether the traffic has valid
> checksums.
>
> Vern
>
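
Added example, not part of the original messages: what "valid checksums" means for the TCP packets in a recorded trace, shown by recomputing the checksum over the IPv4 pseudo-header and the TCP segment. The packet bytes are constructed for the illustration, and the function names are hypothetical.

```python
import socket
import struct


def internet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum over 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def tcp_checksum_ok(ip_packet: bytes) -> bool:
    """Verify the TCP checksum of a raw IPv4 packet (no link-layer header)."""
    ihl = (ip_packet[0] & 0x0F) * 4
    total_len = struct.unpack("!H", ip_packet[2:4])[0]
    if ip_packet[9] != socket.IPPROTO_TCP:
        raise ValueError("not a TCP packet")
    segment = ip_packet[ihl:total_len]
    # Pseudo-header: source address, destination address, zero, protocol, TCP length.
    pseudo = ip_packet[12:20] + struct.pack("!BBH", 0, socket.IPPROTO_TCP, len(segment))
    # With the stored checksum left in place, a valid segment sums to zero.
    return internet_checksum(pseudo + segment) == 0


def build_packet(src: str, dst: str, payload: bytes, valid: bool = True) -> bytes:
    """Constructed sample: minimal IPv4 + TCP packet, optionally with a bad checksum."""
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 1, 0, 5 << 4, 0x18, 65535, 0, 0) + payload
    addrs = socket.inet_aton(src) + socket.inet_aton(dst)
    pseudo = addrs + struct.pack("!BBH", 0, socket.IPPROTO_TCP, len(tcp))
    csum = internet_checksum(pseudo + tcp)
    if not valid:
        csum ^= 1  # flip one bit so the stored checksum no longer matches
    tcp = tcp[:16] + struct.pack("!H", csum) + tcp[18:]
    ip = struct.pack("!BBHHHBBH", 0x45, 0, 20 + len(tcp), 0, 0, 64,
                     socket.IPPROTO_TCP, 0) + addrs
    ip = ip[:10] + struct.pack("!H", internet_checksum(ip)) + ip[12:]
    return ip + tcp


if __name__ == "__main__":
    request = b"GET / HTTP/1.0\r\n\r\n"
    for label, ok in (("good", True), ("bad", False)):
        pkt = build_packet("10.0.0.1", "10.0.0.2", request, valid=ok)
        print(label, "checksum valid:", tcp_checksum_ok(pkt))
```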