[Bro] Bro terminates on its own in PCAP read mode
Jeremy Gin
jgin at utexas.edu
Mon Apr 3 22:54:35 PDT 2017
m_atk3_set0_t0.pcap
<https://drive.google.com/a/utexas.edu/file/d/0B2LZm9YbN6FOVEtLeDg2RUFiUGs/view?usp=drive_web>
Hello,
I am trying to run Bro in PCAP read mode on PCAPs that contain flooding
attacks created in a lab environment. I installed Bro from source and did
not modify the local.bro. The command I am using is:
"bro -r <name>.pcap -C local --time"
This returns the following output:
"WARNING: No Site::local_nets have been defined. It's usually a good idea
to define your local networks.
# initialization 2.756138
# initialization 59M/49M
Killed"
I have attached the PCAP. My initial reaction is that the PCAP is too big
as this happens only to PCAPs containing DoS attacks. However, the attached
PCAP is 69 MB and Bro successfully runs on other PCAPs that are around 73
MB. Can anyone explain why Bro is terminating itself?
Any insight you can provide is much appreciated.
Thanks,
Jeremy