[Bro] Artificial SYN-Packets?
Lothar Braun
lothar at lobraun.de
Mon Jun 8 07:49:31 PDT 2009
Hi Vern,

Vern Paxson wrote:
> A bunch of the packets have bad TCP checksums. This is likely the problem -
> the event engine is discarding them on that account.

Thank you for the quick reply.

All the packets have bad checksums, because I padded them with
tcprewrite and forgot to use the fix checksum option. I therefore used
bro -C to disable checksum testing when I ran my script (bro actually
would have discarded these packets without -C). So I don't think this is
the source of the problem.

To make sure, I fixed the checksums with tcprewrite (see attached pcap)
and still get the same problem.

Best regards,
Lothar
-------------- next part --------------
A non-text attachment was scrubbed...
Name: example-fixed.pcap
Type: application/octet-stream
Size: 2057 bytes
Desc: not available
Url : http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20090608/f62a9f19/attachment.obj