[Bro] Extract complete files

Frank Meier franky.meier.1 at gmx.de
Wed May 13 07:46:00 PDT 2015


Hi Albert,

It's hard to help without any context, so just some hints: It took me
some time to find the -C switch to ignore wrong checksums in Bro.
Without it the traffic did not reach the extraction layer. Also, it's
always a good idea to compare Bro with other tools. Make sure Wireshark
shows the complete HTTP session.


Franky 

On Tue, May 12, 2015 at 7:12, Albert Zaharovits
<albert.zaharovits at gmail.com> wrote:
> Hello,
> 
> I am experimenting with the Files framework in Bro 2.4 beta. I would
> like to extract HTTP files, *without* missing_bytes.
> Can anyone please help me on this?
> 
> Thanks,
> Albert
> _______________________________________________
> Bro mailing list
> bro at bro-ids.org
> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
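
Added example, not part of the original thread or of Bro itself: one way to check after a run (for instance with and without -C) which extracted HTTP files are incomplete is to read files.log and flag entries with a non-zero missing_bytes, fewer seen_bytes than total_bytes, or a timeout. The log lines below are constructed and carry only a subset of the files.log columns; the function names are hypothetical.

```python
# Constructed sample in Bro's tab-separated log layout (subset of files.log columns).
SAMPLE_FILES_LOG = "\n".join([
    "#separator \\x09",
    "#path\tfiles",
    "#fields\tfuid\tsource\tmime_type\tseen_bytes\ttotal_bytes"
    "\tmissing_bytes\ttimedout\textracted",
    "#types\tstring\tstring\tstring\tcount\tcount\tcount\tbool\tstring",
    "FAAAA1\tHTTP\tapplication/pdf\t48213\t48213\t0\tF\textract-1-FAAAA1.pdf",
    "FBBBB2\tHTTP\tapplication/zip\t90112\t131072\t40960\tF\textract-2-FBBBB2.zip",
    "FCCCC3\tHTTP\ttext/html\t512\t-\t0\tT\textract-3-FCCCC3.html",
    "FDDDD4\tHTTP\timage/png\t2048\t4096\t2048\tF\t-",
    "#close\t2015-05-13-07-46-00",
])


def parse_bro_log(text):
    """Yield one dict per record, using the column names from the #fields line."""
    fields = None
    for line in text.splitlines():
        if line.startswith("#fields"):
            fields = line.split("\t")[1:]
        elif line and not line.startswith("#") and fields:
            yield dict(zip(fields, line.split("\t")))


def count(value):
    """Bro writes '-' for an unset field; return None for it, else the integer."""
    return None if value in ("-", "") else int(value)


def incomplete_extractions(text):
    """Return (fuid, extracted name, reasons) for extracted files that are not whole."""
    findings = []
    for rec in parse_bro_log(text):
        if rec.get("extracted", "-") == "-":
            continue  # file was seen but never written to disk
        reasons = []
        missing = count(rec["missing_bytes"]) or 0
        seen, total = count(rec["seen_bytes"]), count(rec["total_bytes"])
        if missing > 0:
            reasons.append("missing_bytes=%d" % missing)
        if seen is not None and total is not None and seen < total:
            reasons.append("seen %d of %d bytes" % (seen, total))
        if rec.get("timedout") == "T":
            reasons.append("timedout")
        if reasons:
            findings.append((rec["fuid"], rec["extracted"], reasons))
    return findings
```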