[Bro] Bro performance issues
Seth Hall
seth at icir.org
Sun Oct 30 21:27:21 PDT 2011
On Oct 30, 2011, at 5:46 AM, Tomer Teller wrote:
> event new_packet (c: connection,p: pkt_hdr)
> Nothing helps, Bro does not see all the packets.
> Any ideas what is the problem?
If I remember correctly, the new_packet event is only fired for IPv4 packets. Internally it can't deal with IPv6 packets but it also doesn't work with non-IP packets. Do the numbers you're getting match the number of IPv4 packets in your traffic trace file?
.SEth
--
Seth Hall
International Computer Science Institute
(Bro) because everyone has a network
http://www.bro-ids.org/
More information about the Bro
mailing list