[Bro] Bro bug?
scott mcallester
scott at 0x4c.com
Sun Jan 19 15:54:17 PST 2014
On Jan 19, 2014, at 12:38 PM, "Kellogg, Brian D (OLN)" <bkellogg at dresser-rand.com> wrote:
> 1390143593.839386 C3miqNnYs6FBw74c5 3.3.3.3 4235 4.4.4.4 80 tcp - 0.086147 1594489093 0 RSTOS0 T 0 SaR 2 88 1 40 (empty) - US so -eth0
This is actually a bug in Bro's handling of odd TCP sessions, and it would be great to get a packet capture so we could fix this and work it into our test suite.
.Seth
--
Seth Hall
International Computer Science Institute
(Bro) because everyone has a network
http://www.bro.org/
I was also having this issue last week when trying to find internal hosts that had sent > 1gb to external hosts; see screenshot: http://0x4c.com/bro.png
Also, here's a pcap of the first entry from the screenshot: http://0x4c.com/bro4.29.pcap
Scott.
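
An added example, not part of the original thread or of Bro itself: a heuristic filter for the "hosts that sent > 1gb" query that sets aside conn.log rows whose `orig_bytes` exceeds `orig_ip_bytes` plus `missed_bytes`, as in the quoted entry (1594489093 bytes reported over 2 packets and 88 IP bytes). The column order is assumed to be the default Bro 2.x conn.log layout, the function names are hypothetical, and the second sample row is constructed.

```python
# Assumed default Bro 2.x conn.log column order; extra trailing columns are ignored.
FIELDS = ("ts uid orig_h orig_p resp_h resp_p proto service duration orig_bytes "
          "resp_bytes conn_state local_orig missed_bytes history orig_pkts "
          "orig_ip_bytes resp_pkts resp_ip_bytes").split()

SAMPLE = [
    # Row quoted in the thread (addresses already anonymized by the poster).
    "1390143593.839386 C3miqNnYs6FBw74c5 3.3.3.3 4235 4.4.4.4 80 tcp - 0.086147 "
    "1594489093 0 RSTOS0 T 0 SaR 2 88 1 40 (empty) - US so -eth0",
    # Constructed row: a plausible large upload whose counters agree.
    "1390143600.000000 CConstructed0001 10.0.0.5 50000 198.51.100.7 443 tcp ssl "
    "900.0 1200000000 5000 SF T 0 ShADadFf 800000 1241600000 400000 16005000 (empty)",
]

def parse_conn(line, sep=None):
    """Return a dict for one row, or None if it is a header or too short.
    sep=None splits on whitespace (as pasted in mail); pass '\\t' for real logs."""
    if not line.strip() or line.startswith("#"):
        return None
    cols = line.rstrip("\n").split(sep)
    return dict(zip(FIELDS, cols)) if len(cols) >= len(FIELDS) else None

def _num(value):
    """Bro writes '-' for unset counters; treat those as zero."""
    return int(value) if value.isdigit() else 0

def is_suspect(rec):
    """Heuristic: payload bytes cannot plausibly exceed the IP-level bytes
    seen plus the gap bytes Bro itself reported."""
    return _num(rec["orig_bytes"]) > _num(rec["orig_ip_bytes"]) + _num(rec["missed_bytes"])

def big_senders(lines, threshold=10**9, sep=None):
    """Sum orig_bytes per local originator, skipping inconsistent rows.
    Returns ({host: bytes over threshold}, [uids of skipped rows])."""
    totals, suspects = {}, []
    for line in lines:
        rec = parse_conn(line, sep)
        if rec is None or rec["local_orig"] != "T":
            continue
        if is_suspect(rec):
            suspects.append(rec["uid"])
            continue
        totals[rec["orig_h"]] = totals.get(rec["orig_h"], 0) + _num(rec["orig_bytes"])
    return {h: b for h, b in totals.items() if b > threshold}, suspects

if __name__ == "__main__":
    print(big_senders(SAMPLE))
```

Skipped rows are returned by uid rather than dropped silently, so they can be reviewed against a packet capture.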