[Bro] Bro132ipv6 can't detect data on tcp Syn ?

rmkml rmkml at free.fr
Thu Feb 21 01:27:39 PST 2008


Hi,
Im playing with bro, but Im not event if tcp Syn contains Data,
run bro with: ./bro132ipv6 -C -r broexampletcpsyncontainsdata.pcap -f 'ip or tcp or udp' bro.init weird
weird.log (and notice.log) file is created but zero size,
Anyone test with joigned pcap file please ?
Im tested with another pcap file and weird event (another event than "SYN_with_data")
Bro v1.3.2 (w or w/o ipv6) on linux redhat fedora core 7 i386.
Regards
Rmkml
-------------- next part --------------
A non-text attachment was scrubbed...
Name: broexampletcpsyncontainsdata.pcap
Type: application/octet-stream
Size: 112 bytes
Desc: 
Url : http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20080221/4d343f8d/attachment.obj 


More information about the Bro mailing list