[Bro] Bro - File Extraction

Mehmet LEBLEBİCİ mehmetleb at gmail.com
Wed May 11 01:41:01 PDT 2016


Hello all,

I am using Bro 2.4.1 and want to extract files seen in the network traffic.
For this I loaded the extract-all-files.bro script in local.bro. However, it
does not completely extract files. It seems it stops extracting after some
point. This occurs for all file types. I looked at the files.log file and
see that the total_bytes and seen_bytes fields are not the same. I also checked
the extract file size limit and there is no problem with that. Also, when I
save the traffic into a pcap file and issue bro -Cr pcapFile.pcap
...../extract-all-files.bro, it extracts files successfully. However, it
cannot do so in the current/logs/extractFiles directory. I am kind of new to
Bro and I have been stuck with this problem for about a week. So, any help will be
appreciated.

Thanks in advance,


Mehmet Leblebici
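
The files.log comparison described in the message above (total_bytes against seen_bytes), as an added example that is not part of the original post: Python that reads a files.log in Bro's tab-separated format and lists the entries whose analysis did not cover the whole file. The sample log lines and fuid values are constructed and reduced to a few columns; the column names are those of the standard files.log.

```python
import io

# Constructed sample in Bro's tab-separated files.log layout (reduced columns).
SAMPLE_LOG = "\n".join([
    "#separator \\x09",
    "#path\tfiles",
    "#fields\tts\tfuid\tmime_type\tseen_bytes\ttotal_bytes\tmissing_bytes\ttimedout\textracted",
    "1462956061.0\tFaaaa1\tapplication/pdf\t204800\t204800\t0\tF\textract-HTTP-Faaaa1",
    "1462956062.0\tFbbbb2\tapplication/zip\t65536\t1048576\t983040\tF\textract-HTTP-Fbbbb2",
    "1462956063.0\tFcccc3\timage/jpeg\t1460\t-\t0\tT\textract-HTTP-Fcccc3",
    "#close\t2016-05-11-01-41-01",
]) + "\n"

def read_bro_log(stream):
    """Yield one dict per record, keyed by the names on the #fields line."""
    fields = None
    for line in stream:
        line = line.rstrip("\n")
        if line.startswith("#fields\t"):
            fields = line.split("\t")[1:]
        elif line and not line.startswith("#"):
            if fields is None:
                raise ValueError("record seen before #fields header")
            yield dict(zip(fields, line.split("\t")))

def to_int(value):
    # Bro writes "-" for an unset field; treat it as unknown (None).
    return None if value in ("-", "(empty)") else int(value)

def incomplete_files(stream):
    """Return (fuid, extracted name, reasons) for files not fully analysed."""
    findings = []
    for rec in read_bro_log(stream):
        seen = to_int(rec["seen_bytes"]) or 0
        total = to_int(rec.get("total_bytes", "-"))
        missing = to_int(rec.get("missing_bytes", "-")) or 0
        reasons = []
        if total is not None and seen < total:
            reasons.append("seen %d of %d bytes" % (seen, total))
        if missing > 0:
            reasons.append("%d bytes missed by analysis" % missing)
        if rec.get("timedout") == "T":
            reasons.append("file analysis timed out")
        if reasons:
            findings.append((rec["fuid"], rec.get("extracted", "-"), reasons))
    return findings

if __name__ == "__main__":
    print(incomplete_files(io.StringIO(SAMPLE_LOG)))
```

To run it against a live sensor's log, pass an open file handle for files.log to `incomplete_files` instead of the embedded sample.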