Bro132ipv6 can't detect data on tcp Syn ?

rmkml · February 21, 2008, 9:27am

Hi,
Im playing with bro, but Im not event if tcp Syn contains Data,
run bro with: ./bro132ipv6 -C -r broexampletcpsyncontainsdata.pcap -f 'ip or tcp or udp' bro.init weird
weird.log (and notice.log) file is created but zero size,
Anyone test with joigned pcap file please ?
Im tested with another pcap file and weird event (another event than "SYN_with_data")
Bro v1.3.2 (w or w/o ipv6) on linux redhat fedora core 7 i386.
Regards
Rmkml

broexampletcpsyncontainsdata.pcap (112 Bytes)

Vern · February 21, 2008, 4:17pm

weird.log (and notice.log) file is created but zero size,

Looks like this is a bug in the connection compressor. If you run with
use_connection_compressor=F then the weird is correctly generated.

Vern

Topic		Replies	Views
resp_bytes bug Zeek	1	90	May 6, 2022
dump files, loopback Zeek	1	62	May 6, 2022
(no subject) Zeek	2	97	May 6, 2022
Artificial SYN-Packets? Zeek	5	89	May 6, 2022
Issue with small pcap files and -r Zeek	6	144	May 6, 2022

Bro132ipv6 can't detect data on tcp Syn ?

Related topics