[Bro] Extract complete files
Frank Meier
franky.meier.1 at gmx.de
Wed May 13 07:46:00 PDT 2015
Hi Albert,
it's hard to help without any context, so just some hints: It took me
some time to find the -C switch to ignore wrong checksums in bro.
Without it the traffic did not reach the extraction layer. Also it's
always a good idea to compare bro with other tools. Make sure wireshark
does show the complete http session.
Franky
On Di, Mai 12, 2015 at 7:12 , Albert Zaharovits
<albert.zaharovits at gmail.com> wrote:
> Hello,
>
> I am experimenting with the Files framework in bro 2.4 beta. I would
> like to extract HTTP files, *without* missing_bytes.
> Can anyone please help me on this?
>
> Thanks,
> Albert
> _______________________________________________
> Bro mailing list
> bro at bro-ids.org
> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20150513/71d2ab88/attachment.html
More information about the Bro
mailing list