[Bro] File Extraction weirdness

Blake Mackey Blake.Mackey at rmc.ca
Wed Feb 10 09:36:53 PST 2016


> Thanks for the data, I definitely see that it didn't extract correctly for you.  If I take the raw traffic and run Bro (git master) on it it extracts the file just fine.  What version of Bro are you running and what exactly is the command line you are running?  I'll show you what I ran...
>
> bro -r bro.trace frameworks/files/extract-all-files

I am building my Bro recursively from Git master as well, and using the same arguments as you.
For some reason I now extract only a single file using Bro (no longer any corrupted ones)... but there are over 30 files in that trace that are able to be extracted with Wireshark.

Is the format in this trace somehow preventing proper reassembly with Bro?


Blake Mackey, CD
SLt | ens 1
Royal Military College of Canada | collège militaire royal du Canada
(613)331-6438
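An added diagnostic, not code from the original message or from the Bro distribution, that makes the question above ("is reassembly failing or is extraction failing?") answerable from the trace itself. It loads the same extract-all-files script and, for every file the file framework sees, prints the reassembly counters that files.log carries (seen, total, missing and overflow bytes, timeout) next to whether an extracted copy was written. The script file name reassembly-check.bro and the module name are assumptions; the record fields used are the standard Files::Info fields.

```bro
# Added example, not from the original thread or from Bro itself.
# Usage (file name is an assumption, choose any):
#   bro -r bro.trace reassembly-check.bro
@load frameworks/files/extract-all-files

module ReassemblyCheck;

export {
	## Number of files the file framework reported.
	global total_files: count = 0;
	## Number of those with gaps, a timeout, or no extracted copy.
	global suspicious: count = 0;
}

event file_state_remove(f: fa_file)
	{
	if ( ! f?$info )
		return;

	local i = f$info;
	++total_files;

	local mime = i?$mime_type ? i$mime_type : "-";
	local total = i?$total_bytes ? fmt("%d", i$total_bytes) : "unknown";
	local extracted = i?$extracted ? i$extracted : "(not extracted)";

	# A file that never reassembled cleanly shows up as missing_bytes > 0
	# (gaps in the stream), overflow_bytes > 0, or timedout == T (the
	# stream never finished). A clean file that still lacks an extracted
	# copy points at the extraction side instead.
	local problem = i$missing_bytes > 0 || i$overflow_bytes > 0 ||
	                i$timedout || ! i?$extracted;
	if ( problem )
		++suspicious;

	print fmt("%s fuid=%s source=%s mime=%s seen=%d total=%s missing=%d overflow=%d timedout=%s %s",
	          problem ? "PROBLEM" : "ok", i$fuid, i$source, mime, i$seen_bytes,
	          total, i$missing_bytes, i$overflow_bytes, i$timedout, extracted);
	}

event bro_done()
	{
	print fmt("%d files seen by the file framework, %d with reassembly or extraction issues",
	          total_files, suspicious);
	}
```

Reading the output: if the first number is far below the count Wireshark exports, Bro is not even seeing those transfers as files (protocol analyzer or capture question; check weird.log and, with misc/capture-loss loaded, capture_loss.log for gaps). If the files are seen but flagged with missing bytes or timedout, the trace is not reassembling cleanly. If they are seen with no gaps and still "(not extracted)", the problem is in extraction rather than reassembly.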