[Bro] is there a bro script to ignore duplicated logs?

MAÁN ABU SHAQRA maanamen at hotmail.com
Thu Oct 18 07:05:31 PDT 2018


No, I didn’t upload a pcap; the provided pcaps on the website show duplicate DNS UIDs. I suspect that it’s a duplicated packets issue, as I’ve analyzed some traffic in Wireshark and it had no duplicates.

I’d appreciate it if anyone can assist with this,

Thanks

MA’AN ABUSHAQRA 
Dubai, UAE


> On Oct 18, 2018, at 6:00 PM, Azoff, Justin S <jazoff at illinois.edu> wrote:
> 
> 
>> On Oct 18, 2018, at 9:58 AM, MAÁN ABU SHAQRA <maanamen at hotmail.com> wrote:
>> 
>> Hi Justin,
>> 
>> It is actually set as af_packet::em1
> 
> 
> Oh :(
> 
> What did you mean by 
> 
>> I've also checked the http://try.bro.org/ and ran the exercises, and found the same issue.
> 
> Do you mean you uploaded a pcap file and that showed the same duplicated logs?
> If so, how did you obtain that pcap?
> 
> 
> Justin Azoff
> 


