[Bro] TCP PUSH flag

nicolas.retrain at cea.fr
Thu May 23 02:16:24 PDT 2013


On 22/05/2013 07:44, Vern Paxson wrote:
>> H flag. How does BRO deal
>> with PUSH flag? Could the problem come from this?
> It ignores it, so the problem is something else.
>
> 		Vern
I figured it out: it was a bad TCP checksum due to tcpdump 
(http://sokratisg.net/2012/04/01/udp-tcp-checksum-errors-from-tcpdump-nic-hardware-offloading/). 
I corrected the checksums with: "tcprewrite -i input.cap -o output.cap -C" so 
Bro seems to work fine :)

Nicolas
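
The condition described in the message above can be checked by hand. The following is an added example, not part of the original thread: it verifies the TCP checksum of one IPv4 packet and rewrites it when it is wrong. The function names and the sample packet (addresses, ports, payload) are constructed for illustration.

```python
import socket
import struct

def ones_complement_sum(data: bytes) -> int:
    """16-bit one's-complement sum used by the IP/TCP/UDP checksums."""
    if len(data) % 2:
        data += b"\x00"                      # pad odd-length input
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                       # fold carries back in
        total = (total & 0xFFFF) + (total >> 16)
    return total

def tcp_checksum(ip_packet: bytes) -> int:
    """Correct TCP checksum for an IPv4 packet (stored field treated as zero)."""
    ihl = (ip_packet[0] & 0x0F) * 4
    total_len = struct.unpack("!H", ip_packet[2:4])[0]
    segment = bytearray(ip_packet[ihl:total_len])
    segment[16:18] = b"\x00\x00"
    # Pseudo-header: source address, destination address, zero, protocol 6, TCP length
    pseudo = ip_packet[12:20] + struct.pack("!BBH", 0, 6, len(segment))
    return ~ones_complement_sum(pseudo + bytes(segment)) & 0xFFFF

def stored_checksum(ip_packet: bytes) -> int:
    ihl = (ip_packet[0] & 0x0F) * 4
    return struct.unpack("!H", ip_packet[ihl + 16:ihl + 18])[0]

def checksum_ok(ip_packet: bytes) -> bool:
    return stored_checksum(ip_packet) == tcp_checksum(ip_packet)

def fix_checksum(ip_packet: bytes) -> bytes:
    """Return a copy of the packet with a valid TCP checksum written in."""
    ihl = (ip_packet[0] & 0x0F) * 4
    fixed = bytearray(ip_packet)
    fixed[ihl + 16:ihl + 18] = struct.pack("!H", tcp_checksum(ip_packet))
    return bytes(fixed)

def build_sample(payload: bytes = b"GET / HTTP/1.0\r\n\r\n") -> bytes:
    """Constructed packet: 10.0.0.1:40000 -> 10.0.0.2:80, PSH+ACK.
    The TCP checksum field is left at 0, standing in for a packet captured
    before the checksum was filled in. The IP header checksum is not set."""
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 1, 1, 5 << 4, 0x18,
                      65535, 0x0000, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     socket.inet_aton("10.0.0.1"), socket.inet_aton("10.0.0.2"))
    return ip + tcp

if __name__ == "__main__":
    pkt = build_sample()
    print("as captured:", checksum_ok(pkt), hex(stored_checksum(pkt)))
    print("after fix:  ", checksum_ok(fix_checksum(pkt)), hex(tcp_checksum(pkt)))
```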