[Bro] File Extraction weirdness

Blake Mackey Blake.Mackey at rmc.ca
Tue Feb 9 18:33:38 PST 2016


I am having issues getting garbled file extractions from both live interfaces and traces.
Smaller files appear unaffected, but the larger the file, the greater the chance of it being extracted incorrectly with Bro.

Is this normal behaviour? Or is Bro relatively bulletproof when it comes to file extraction?

Steps taken already:
Viewing weird and notice logs, nothing stands out as abnormal.
Disabled all offloading of the NIC. No change.
Running a frameworks/files/extract-all-files.bro by itself. No change.
Running the packet loss script to determine if packets are being lost. 0.0% packet loss detected.

Could anyone suggest alternative things I can try to resolve this?

Thanks in advance!


Blake Mackey, CD
SLt | ens 1
Royal Military College of Canada | collège militaire royal du Canada
(613)331-6438
