Thanks for the data, I definitely see that it didn't extract correctly for you. If I take the raw traffic and run Bro (git master) on it it extracts the file just fine. What version of Bro are you running and what exactly is the command line you are running? I'll show you what I ran...
bro -r bro.trace frameworks/files/extract-all-files
I am building my bro recursively from Git master as well, and using the same arguments as you.
For some reason I now extract only a single file using Bro (no longer any corrupted ones)... but there are over 30 files in that trace that are able to be extracted with Wireshark.
Is the format in this trace somehow preventing proper reassembly with Bro?
Blake Mackey, CD
SLt | ens 1
Royal Military College of Canada | collège militaire royal du Canada
(613)331-6438