[Bro] File Extraction wierdness

Seth Hall seth at icir.org
Wed Feb 10 08:07:48 PST 2016


> On Feb 9, 2016, at 11:09 PM, Seth Hall <seth at icir.org> wrote:
> 
> Could you capture some traffic that is giving you trouble and send it to me (offlist)?  It sounds to me like you're having packet loss issues, but I can't be sure without seeing the raw traffic.

Thanks for the data, I definitely see that it didn't extract correctly for you.  If I take the raw traffic and run Bro (git master) on it it extracts the file just fine.  What version of Bro are you running and what exactly is the command line you are running?  I'll show you what I ran...

bro -r bro.trace frameworks/files/extract-all-files

  .Seth

--
Seth Hall
International Computer Science Institute
(Bro) because everyone has a network
http://www.bro.org/




More information about the Bro mailing list