[Bro] Bro 2.5 Beta available
rmkml
rmkml at ligfy.org
Mon Aug 22 12:19:39 PDT 2016
Thx Justin,
I am wrong, it's my bad, sorry for noise.
Happy Bro Testing
@Rmkml
On Sun, 21 Aug 2016, Azoff, Justin S wrote:
>
>> On Aug 20, 2016, at 5:38 PM, rmkml <rmkml at ligfy.org> wrote:
>>
>> Thx all for awesome Bro project!
>>
>> Could you check if BIT-1562 (lock on old pcap file) fix is present on 2.5 beta version please ?
>> (because first test repeat lock)
>>
>> Best Regards
>> @Rmkml
>
> Yes.. this was fixed back in May. What do you mean by "first test repeat lock" ? Which pcap did you test on which bro version?
>
> [jazoff at bro-test tmp]$ bro --version
> bro version 2.5-beta
>
> [jazoff at bro-test tmp]$ time bro -r bro241lock.pcap
> 1243601416.209199 warning in /usr/local/bro/share/bro/base/misc/find-checksum-offloading.bro, line 54: Your trace file likely has invalid IP checksums, most likely from NIC checksum offloading. By default, packets with invalid checksums are discarded by Bro unless using the -C command-line option or toggling the 'ignore_checksums' variable. Alternatively, disable checksum offloading by the network adapter to ensure Bro analyzes the actual checksums that are transmitted.
>
> real 0m1.157s
> user 0m1.079s
> sys 0m0.050s
>
> [jazoff at bro-test tmp]$ time bro -C -r bro241lock.pcap
>
> real 0m0.936s
> user 0m0.863s
> sys 0m0.048s
>
> --
> - Justin Azoff
>
>
More information about the Bro
mailing list