[Bro] different file hash between downloaded file by ANALYZER_EXTRACT with original file

Seth Hall seth at corelight.com
Fri Aug 11 20:24:18 PDT 2017


Myth Ren wrote:
> everyone who is interested in this problem could do some tests with
> that bro script, but remember to sniff traffic directly from the interface.

If you are only seeing the problem when sniffing from an interface, it's
likely that the problem is actually that you are dropping packets.  When
you sniff from an interface, what is your traffic rate that is being
monitored?

  .Seth

-- 
Seth Hall * Corelight, Inc * seth at corelight.com * www.corelight.com

