BRO gets Autorestarted or Killed

Hi All,

I'm facing a strange problem.
I made some changes to the BRO code to Detect Bittorrent Traffic, a
simple implementation of detecting Traffic on port 6881.
I was able to detect bittorrent pkts on port 6881 on a Linux desktop PC.
When I moved the same code base to a Transparent Bridge kind of setup,
where the bittorrent traffic passes through the bridge, I was facing
some strange problems, like the bro process either gets restarted when
it gets a packet (any packet) or the process gets killed when it gets a
packet.

Could someone help me out on this?

Thanks,
Anand

Hi,

> Hi All,
>
> I'm facing a strange problem.
> I made some changes to the BRO code to Detect Bittorrent Traffic, a
> simple implementation of detecting Traffic on port 6881.
> I was able to detect bittorrent pkts on port 6881 on a Linux desktop PC.
> When I moved the same code base to a Transparent Bridge kind of setup,
> where the bittorrent traffic passes through the bridge, I was facing
> some strange problems, like the bro process either gets restarted when
> it gets a packet (any packet) or the process gets killed when it gets a
> packet.

please understand that in order for us to be able to help you, you'll
have to describe exactly what you mean by a transparent bridge "kind of"
setup, and how the main Bro process gets killed (by whom, is it a
segfault, etc). In terms of packet capture there's no technical
difference between running, say, tcpdump on an interface and Bro, so try
to see if that works well first.

Cheers,
Christian.

Can you send me a small trace captured on the bridge with tcpdump
(e.g., just one short connection)?

Robin