[Bro] BRO gets Autorestarted or Killed
Christian Kreibich
christian at whoop.org
Thu Jul 27 09:24:32 PDT 2006
Hi,
On Thu, 2006-07-27 at 08:55 -0700, Anandraj wrote:
> Hi All,
>
> I'm facing a strange problem.
> I made some changes to the BRO code to detect BitTorrent traffic, a
> simple implementation of detecting traffic on port 6881.
> I was able to detect BitTorrent pkts on port 6881 on a Linux desktop PC.
> When I moved the same code base to a transparent bridge kind of setup,
> where the BitTorrent traffic passes through the bridge ... I was facing
> some strange problems, like the bro process either gets restarted when
> it gets a packet (any packet) or the process gets killed when it gets a
> packet.
please understand that in order for us to be able to help you, you'll
have to describe exactly what you mean by a transparent bridge "kind of"
setup, and how the main Bro process gets killed (by whom, is it a
segfault, etc). In terms of packet capture there's no technical
difference between running, say, tcpdump on an interface and Bro, so try
to see if that works well first.
Cheers,
Christian.
--
________________________________________________________________________
http://www.cl.cam.ac.uk/~cpk25
http://www.whoop.org