[Bro] modifying bro.init
Seth Hall
hall.692 at osu.edu
Thu Feb 4 07:00:43 PST 2010
On Feb 4, 2010, at 1:14 AM, Vern Paxson wrote:
> These comments confuse me. If a packet has an IP checksum error,
> then the
> DNS parser shouldn't even analyze the packet. However, turning on
> ignore_checksum=T will cause it to analyze the bad packet, so if
> anything
> it should give trouble rather than reduce trouble.
I left off the rest of my explanation for that statement. :) It seems
like almost everyone eventually runs Bro against a tracefile that was
captured on a NIC doing checksum offloading.
I know it happened to me and I had to find out how to ignore checksum
errors. I think I found out about how to disable checksum checks from
a post you made on the mailing list several years ago. ;)
.Seth
---
Seth Hall
Network Security - Office of the CIO
The Ohio State University
Phone: 614-292-9721
More information about the Bro
mailing list