[Bro] TCP PUSH flag

nicolas.retrain at cea.fr nicolas.retrain at cea.fr
Thu May 23 06:20:46 PDT 2013


On 23/05/2013 15:07, Seth Hall wrote:
> On May 23, 2013, at 5:16 AM, nicolas.retrain at cea.fr wrote:
>
>> I figured it out, it was a bad TCP checksum due to tcpdump (http://sokratisg.net/2012/04/01/udp-tcp-checksum-errors-from-tcpdump-nic-hardware-offloading/). I corrected the checksums with: "tcprewrite -i input.cap -o output.cap -C" so Bro seems to work fine :)
> Were you using the 2.1 release or a build from our git repository?  There is a reporter warning (that now prints to stderr if you're running the bro binary directly) that should indicate if your tracefile has bad checksums.  I've been caught by that problem quite a few times myself before realizing that I had bad checksums.
Actually, I was using the 2.1.
I also tried the build from git, which helped me to discover bad 
checksums thanks to the warning.
Nicolas
> .Seth
>
> --
> Seth Hall
> International Computer Science Institute
> (Bro) because everyone has a network
> http://www.bro.org/
>
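
A way to check a trace for the bad TCP checksums discussed in this thread before handing it to Bro, as an added example that is not part of the original messages and not Bro or tcprewrite code. It assumes a classic little-endian pcap with Ethernet framing and IPv4; `sample_frame` and `sample_pcap` are hypothetical helpers that build a constructed two-packet trace.

```python
import struct

def ones_sum(data: bytes) -> int:
    """16-bit one's-complement sum used by the TCP checksum (RFC 1071)."""
    data += b"\x00" * (len(data) % 2)
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total

def tcp_checksum_ok(ip_packet: bytes) -> bool:
    """Verify the TCP checksum of one IPv4 packet (IP header + TCP segment)."""
    ihl = (ip_packet[0] & 0x0F) * 4
    total_len = struct.unpack("!H", ip_packet[2:4])[0]
    segment = ip_packet[ihl:total_len]
    pseudo = ip_packet[12:20] + struct.pack("!BBH", 0, 6, len(segment))
    return ones_sum(pseudo + segment) == 0xFFFF

def count_bad_tcp_checksums(pcap: bytes) -> tuple:
    """Return (tcp_packets_checked, bad_checksums) for a little-endian Ethernet pcap."""
    if pcap[:4] != struct.pack("<I", 0xA1B2C3D4):
        raise ValueError("not a little-endian classic pcap file")
    off, seen, bad = 24, 0, 0
    while off + 16 <= len(pcap):
        incl_len, orig_len = struct.unpack("<II", pcap[off + 8:off + 16])
        frame = pcap[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        # Skip frames cut short by the snaplen and anything that is not IPv4/TCP.
        if incl_len < orig_len or len(frame) < 54 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
            continue
        seen += 1
        bad += not tcp_checksum_ok(frame[14:])
    return seen, bad

def sample_frame(payload: bytes, good: bool) -> bytes:
    """Constructed Ethernet/IPv4/TCP frame (PSH+ACK); good=False corrupts the checksum."""
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 1, 1, 0x50, 0x18, 8192, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    pseudo = ip[12:20] + struct.pack("!BBH", 0, 6, len(tcp))
    csum = (~ones_sum(pseudo + tcp) & 0xFFFF) ^ (0 if good else 1)
    return b"\x00" * 12 + b"\x08\x00" + ip + tcp[:16] + struct.pack("!H", csum) + tcp[18:]

def sample_pcap() -> bytes:
    """Constructed trace: one frame with a valid checksum, one without."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for frame in (sample_frame(b"GET / HTTP/1.0\r\n\r\n", True), sample_frame(b"hello", False)):
        out += struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame
    return out
```

A high share of bad checksums on packets sent by the capturing host itself points to checksum offloading rather than corruption on the wire.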