[Bro] different file hash between downloaded file by ANALYZER_EXTRACT with original file

Seth Hall seth at corelight.com
Wed Aug 9 19:51:04 PDT 2017


On Mon, Aug 7, 2017 at 3:29 AM, Myth Ren <email4myth at gmail.com> wrote:
>     -  the file Bro extracts is one byte bigger than my original file
>     -  or the file Bro extracts is the same size as my original file, but
> the MD5 values of these files differ

Ugh, that's not a good behavior.

> below is my test env, test steps and test result:

Could you capture traffic and replay that with Bro instead of sniffing
the interface directly?  If you did that you could at least verify
that the problem is deterministically replicable and then we could
possibly look into the problem with you.  I have several thoughts
about what the problem could be but they're ultimately fairly long
shots and could likely be wrong.

 .Seth

-- 
Seth Hall * Corelight, Inc * seth at corelight.com * www.corelight.com
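
A way to characterize the two symptoms quoted above once the same capture has been replayed more than once. This is an added example, not part of this message or of Bro; the function names and the sample bytes are constructed for illustration.

```python
import hashlib

def md5(data: bytes) -> str:
    return hashlib.md5(data).hexdigest()

def first_diff(a: bytes, b: bytes):
    """Offset of the first differing byte, or None if one is a prefix of the other."""
    for i, (x, y) in enumerate(zip(a, b)):
        if x != y:
            return i
    return None

def compare(original: bytes, extracted: bytes) -> dict:
    """Describe how an extracted file deviates from the original."""
    report = {
        "size_delta": len(extracted) - len(original),
        "md5_match": md5(original) == md5(extracted),
        "first_diff": first_diff(original, extracted),
        "inserted_at": None,   # set when exactly one extra byte explains the mismatch
        "diff_count": None,    # set when sizes match but content differs
    }
    if report["size_delta"] == 1:
        # Symptom 1: one byte bigger. Check whether dropping a single byte restores the original.
        i = report["first_diff"]
        if i is None:
            i = len(original)  # extra byte appended at the end
        if extracted[:i] + extracted[i + 1:] == original:
            report["inserted_at"] = i
    elif report["size_delta"] == 0:
        # Symptom 2: same size, different hash. Count the bytes that changed.
        report["diff_count"] = sum(x != y for x, y in zip(original, extracted))
    return report

def deterministic(runs) -> bool:
    """True when every replay of the same capture produced identical bytes."""
    return len({md5(r) for r in runs}) == 1

# Constructed sample data standing in for the original file and two extracted copies.
ORIGINAL = bytes(range(256)) * 4
RUN_A = ORIGINAL[:500] + b"\n" + ORIGINAL[500:]      # one extra byte at offset 500
RUN_B = ORIGINAL[:700] + b"\xff" + ORIGINAL[701:]    # same size, one byte altered

if __name__ == "__main__":
    print(compare(ORIGINAL, RUN_A))
    print(compare(ORIGINAL, RUN_B))
    print("deterministic:", deterministic([RUN_A, RUN_B]))
```

If the replays agree with each other but not with the original, the offset reported here is the place in the capture to look at first.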

