[Bro] Extract files not authentic copy of file
Seth Hall
seth at corelight.com
Thu Feb 22 10:07:29 PST 2018
Are you having any trouble with dropped packets? If you are dropping a
lot of packets, it's possible for your extracted files to be
problematic.
.Seth
On 21 Feb 2018, at 1:32, Ambros Novak wrote:
> Hello,
>
> The configuration is extracting certain file types but the files that
> are extracted are not authentic replications of the files in the
> stream. The hashes do no match the real files at the user’s
> endpoint. Upon inspecting the extracted files there seems to be
> mismatched and duplicated streams.
>
> How can this be corrected? I would like the extracted files to be
> exactly what the user would download.
>
> Thank you kindly for your help.
>
> Ambros
>
> ——
> _______________________________________________
> Bro mailing list
> bro at bro-ids.org
> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
--
Seth Hall * Corelight, Inc * www.corelight.com
More information about the Bro
mailing list