[Bro] impossibly large packets
Seth Hall
seth at icir.org
Mon Feb 11 12:32:02 PST 2013
On Feb 11, 2013, at 3:14 PM, Tim Ray <tray at 21ct.com> wrote:
> Does Bro have any way to handle corrupt packets that appear to be impossibly large? When we get those in our setup, it hangs. Thanks.
You're going to have to define "impossibly large". Could you also describe more what you mean when you say it hangs too?
�
Just a pre-guess though… Do you have any NIC features enabled for extended packet handling?
http://securityonion.blogspot.com/2011/10/when-is-full-packet-capture-not-full.html
.Seth
--
Seth Hall
International Computer Science Institute
(Bro) because everyone has a network
http://www.bro-ids.org/
More information about the Bro
mailing list