[Bro] Error in TCP data length calculation

Lothar Braun lothar at lobraun.de
Fri Jan 9 03:07:50 PST 2009


Hi all,

I tried to access the field tcp_hdr::dl in one of my bro scripts in
order to obtain the TCP payload length. But all the values calculated by
bro seemed to be way too big.

This is due to a missing ntohs() call on the total length field in the
IP-Header in Session.cc. I attached a patch against bro-1.4 that should
fix the problem.

Best regards,
  Lothar
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: bropatch.diff
Url: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20090109/1bf07ce8/attachment.ksh 


More information about the Bro mailing list