[Bro] Bro 2.5.5 Duplicate UIDs

MAÁN ABU SHAQRA maanamen at hotmail.com
Sun Sep 30 02:09:15 PDT 2018


Hi,


We're facing this issue with Bro whereby it's duplicating entries; see below:

1536746459.586520 CbxxYF1uTyqC499HDe 192.168.20.15 137 10.190.129.26 137 udp 39011 - maanpc 1 C_INTERNET 32 NB F

1536746460.343566 CbxxYF1uTyqC499HDe 192.168.20.15 137 10.190.129.26 137 udp 39011 - maanpc 1 C_INTERNET 32 NB F

1536746461.107930 CbxxYF1uTyqC499HDe 192.168.20.15 137 10.190.129.26 137 udp 39011 - maanpc 1 C_INTERNET 32 NB F

1536746466.418528 CbxxYF1uTyqC499HDe 192.168.20.15 137 10.190.129.26 137 udp 39013 - maanpc 1 C_INTERNET 32 NB F

1536746467.176333 CbxxYF1uTyqC499HDe 192.168.20.15 137 10.190.129.26 137 udp 39013 - maanpc 1 C_INTERNET 32 NB F

1536746467.940695 CbxxYF1uTyqC499HDe 192.168.20.15 137 10.190.129.26 137 udp 39013 - maanpc 1 C_INTERNET 32 NB F

1536746473.250630 CbxxYF1uTyqC499HDe 192.168.20.15 137 10.190.129.26 137 udp 39017 - maanpc 1 C_INTERNET 32 NB F

1536746474.010337 CbxxYF1uTyqC499HDe 192.168.20.15 137 10.190.129.26 137 udp 39017 - maanpc 1 C_INTERNET 32 NB F

1536746474.773560 CbxxYF1uTyqC499HDe 192.168.20.15 137 10.190.129.26 137 udp 39017 - maanpc 1 C_INTERNET 32 NB F

1536746452.751762 CbxxYF1uTyqC499HDe 192.168.20.15 137 10.190.129.26 137 udp 39009 - maanpc 1 C_INTERNET 32 NB F

1536746453.510702 CbxxYF1uTyqC499HDe 192.168.20.15 137 10.190.129.26 137 udp 39009 - maanpc 1 C_INTERNET 32 NB F

1536746454.275116 CbxxYF1uTyqC499HDe 192.168.20.15 137 10.190.129.26 137 udp 39009 - maanpc 1 C_INTERNET 32 NB F


There were like 40% dropped packets. I've configured pf_ring and af_packet and managed to get less than 1% packets dropped. However, I'm still seeing duplicated packets, mostly in DNS.


Please advise.


Thanks