[Bro] Error in TCP data length calculation
Lothar Braun
lothar at lobraun.de
Fri Jan 9 03:07:50 PST 2009
Hi all,
I tried to access the field tcp_hdr::dl in one of my bro scripts in
order to obtain the TCP payload length. But all the values calculated by
bro seemed to be way too big.
This is due to a missing ntohs() call on the total length field in the
IP-Header in Session.cc. I attached a patch against bro-1.4 that should
fix the problem.
Best regards,
Lothar
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: bropatch.diff
Url: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20090109/1bf07ce8/attachment.ksh
More information about the Bro
mailing list