I'm facing a strange problem.
I made some changes to the Bro code to detect BitTorrent traffic, a
simple implementation of detecting traffic on port 6881.
I was able to detect BitTorrent pkts on port 6881 on a Linux desktop PC.
When I moved the same code base to a transparent bridge kind of setup,
where the BitTorrent traffic passes through the bridge... I was facing
some strange problems, like the Bro process either gets restarted when
it gets a packet (any packet) or the process gets killed when it gets a
packet.

Please understand that in order for us to be able to help you, you'll
have to describe exactly what you mean by a transparent bridge "kind of"
setup, and how the main Bro process gets killed (by whom, is it a
segfault, etc). In terms of packet capture there's no technical
difference between running, say, tcpdump on an interface and Bro, so try
to see if that works well first.