[Bro] truncated packets

Slagell, Adam J slagell at illinois.edu
Wed Aug 7 11:30:38 PDT 2013


See http://comments.gmane.org/gmane.comp.security.detection.bro/3168

On Aug 7, 2013, at 1:29 PM, Adam J. Slagell <slagell at illinois.edu> wrote:

You may try turning off the checksum verification.

On Aug 7, 2013, at 1:13 PM, Laleh Arshadi <la_arshadi at yahoo.com> wrote:

Dear All,

I know that Bro can analyze offline traffic with its -r option but I wonder if it can analyze traffic that contains truncated packets? I remember a few years ago when I ran old versions of Bro on the MAWI traffic, it didn't work properly since the packets were all truncated at 54 bytes. Maybe this has changed in the newer versions?

Regards
Laleh

------

Adam J. Slagell
Chief Information Security Officer
Sr. Research Scientist
National Center for Supercomputing Applications
University of Illinois at Urbana-Champaign
www.slagell.info

"Under the Illinois Freedom of Information Act (FOIA), any written communication to or from University employees regarding University business is a public record and may be subject to public disclosure."

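An added example, not part of the thread or of Bro: a Python check of how many records in a classic pcap file (not pcapng) were cut short at capture time, by comparing each record's captured length with its on-wire length. The function names and the in-memory sample trace (three frames cut at 54 bytes, the size of Ethernet, IPv4 and TCP headers without options) are constructed for illustration.

```python
import io
import struct

# Classic pcap magic numbers mapped to the struct byte-order prefix.
PCAP_MAGICS = {
    b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">",  # microsecond timestamps
    b"\x4d\x3c\xb2\xa1": "<", b"\xa1\xb2\x3c\x4d": ">",  # nanosecond timestamps
}

def truncation_report(stream):
    """Count records whose captured length is shorter than the on-wire length."""
    header = stream.read(24)
    if len(header) < 24 or header[:4] not in PCAP_MAGICS:
        raise ValueError("not a classic pcap file (pcapng is not handled here)")
    endian = PCAP_MAGICS[header[:4]]
    # After the magic: version major/minor, thiszone, sigfigs, snaplen, linktype.
    _maj, _min, _zone, _sigfigs, snaplen, linktype = struct.unpack(
        endian + "HHiIII", header[4:])
    packets = truncated = max_caplen = 0
    while True:
        rec = stream.read(16)
        if len(rec) < 16:
            break  # clean end of file, or a dangling partial record header
        _sec, _frac, caplen, wirelen = struct.unpack(endian + "IIII", rec)
        if len(stream.read(caplen)) < caplen:
            break  # the file itself ends mid-record; stop counting
        packets += 1
        max_caplen = max(max_caplen, caplen)
        if caplen < wirelen:
            truncated += 1  # capture kept fewer bytes than were on the wire
    return {"snaplen": snaplen, "linktype": linktype, "packets": packets,
            "truncated": truncated, "max_caplen": max_caplen}

def build_sample(snaplen=54, wire_lengths=(1514, 60, 54)):
    """Constructed sample: an in-memory pcap whose records are cut at `snaplen`."""
    # Little-endian global header, version 2.4, linktype 1 (Ethernet).
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, snaplen, 1)
    for i, wirelen in enumerate(wire_lengths):
        caplen = min(wirelen, snaplen)
        # Record header followed by a zero-filled frame of the captured length.
        out += struct.pack("<IIII", i, 0, caplen, wirelen) + bytes(caplen)
    return out

if __name__ == "__main__":
    print(truncation_report(io.BytesIO(build_sample())))
```

To check a real trace, pass a file opened in binary mode, for example `truncation_report(open(path, "rb"))` with `path` as a placeholder for the capture file.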








