[Bro] Relationship between custom protocol analyzer and weird log
Valerio
valerio.click at gmx.com
Tue Jun 27 09:14:46 PDT 2017
Hi all,
I am experiencing a strange behaviour in Bro that I am not able to
troubleshoot autonomously.
I developed a simple binary protocol analyzer that produces a log file
of type prot1.log.
If I run bro offline on a dedicated pcap it correctly outputs prot1.log
with the proper record.
If I run bro sniffing on an interface and I tcpreplay the pcap on the
sniffed interface I get weird.log with SYN_inside_connection warning.
Is weird preempting the application of my analyzer?
Many thanks in advance,
Valerio