[Bro] Bro 2.5 Beta available
Azoff, Justin S
jazoff at illinois.edu
Sat Aug 20 19:08:03 PDT 2016
> On Aug 20, 2016, at 5:38 PM, rmkml <rmkml at ligfy.org> wrote:
>
> Thx all for awesome Bro project!
>
> Could you check if BIT-1562 (lock on old pcap file) fix is present on 2.5 beta version please ?
> (because first test repeat lock)
>
> Best Regards
> @Rmkml
Yes.. this was fixed back in May. What do you mean by "first test repeat lock" ? Which pcap did you test on which bro version?
[jazoff at bro-test tmp]$ bro --version
bro version 2.5-beta
[jazoff at bro-test tmp]$ time bro -r bro241lock.pcap
1243601416.209199 warning in /usr/local/bro/share/bro/base/misc/find-checksum-offloading.bro, line 54: Your trace file likely has invalid IP checksums, most likely from NIC checksum offloading. By default, packets with invalid checksums are discarded by Bro unless using the -C command-line option or toggling the 'ignore_checksums' variable. Alternatively, disable checksum offloading by the network adapter to ensure Bro analyzes the actual checksums that are transmitted.
real 0m1.157s
user 0m1.079s
sys 0m0.050s
[jazoff at bro-test tmp]$ time bro -C -r bro241lock.pcap
real 0m0.936s
user 0m0.863s
sys 0m0.048s
--
- Justin Azoff
More information about the Bro
mailing list