Hello all,
I am using Bro 1.5. When I was using Bro without support for the Cisco HDLC data link type, I executed the command:
linux-oxtm:~ # bro -r /usr/local/bro/090500-0-anon.pcap /usr/local/bro/share/bro/synflood.bro
It gives me the following error:
bro: problem with trace file /usr/local/bro/090500-0-anon.pcap - unknown data link type 0x68
After that, on the suggestion of my friend JUSTIN AZOFF, I made changes in Src/Pktsrc.cc and added support. Cisco HDLC uses an offset of 5 for the data.
Then I executed the same command:
linux-oxtm:~ # bro -r /usr/local/bro/090500-0-anon.pcap /usr/local/bro/share/bro/synflood.bro
The previous error vanished, and I get different results. It is a long listing, so I pasted a few lines.
weird: 1029340801.994057 non_IPv4_packet
weird: 1029340801.994062 non_IPv4_packet
weird: 1029340801.994066 non_IPv4_packet
weird: 1029340801.994071 non_IPv4_packet
weird: 1029340801.994077 non_IPv4_packet
weird: 1029340801.994085 non_IPv4_packet
weird: 1029340801.994091 non_IPv4_packet
weird: 1029340801.994107 non_IPv4_packet
weird: 1029340801.994110 non_IPv4_packet
weird: 1029340801.994112 non_IPv4_packet
weird: 1029340801.994127 non_IPv4_packet
weird: 1029340801.994134 non_IPv4_packet^C
1029340801.994134 received termination signal
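
A way to check a link-layer header offset against the IP version test behind non_IPv4_packet, as an added example that is not part of the original post and is not Bro's code. It assumes the standard Cisco HDLC framing (a 4-byte header: address, control, 2-byte protocol type); the frame bytes are constructed and the function names are hypothetical.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <vector>

// Constructed sample: one Cisco HDLC frame carrying a bare IPv4 header.
// Assumed framing: address (0x0F unicast), control (0x00), protocol 0x0800 (IPv4).
static const std::vector<uint8_t> kSampleFrame = {
    0x0F, 0x00, 0x08, 0x00,             // Cisco HDLC header, 4 bytes
    0x45, 0x00, 0x00, 0x28, 0x00, 0x01, // IPv4: version 4, IHL 5, TOS, length, id
    0x00, 0x00, 0x40, 0x06, 0x00, 0x00, // flags/frag, TTL 64, TCP, checksum unset
    0xC0, 0x00, 0x02, 0x01,             // source 192.0.2.1
    0xC0, 0x00, 0x02, 0x02              // destination 192.0.2.2
};

// Protocol type field of the Cisco HDLC header (bytes 2-3, big endian); 0 if too short.
uint16_t chdlc_protocol(const std::vector<uint8_t>& frame) {
    if (frame.size() < 4) return 0;
    return static_cast<uint16_t>((frame[2] << 8) | frame[3]);
}

// IP version nibble seen after skipping hdr_size link-layer bytes; -1 if too short.
int ip_version_at(const std::vector<uint8_t>& frame, size_t hdr_size) {
    if (frame.size() <= hdr_size) return -1;
    return frame[hdr_size] >> 4;
}

// Heuristic: first offset (up to max_offset) whose byte looks like the start
// of an IPv4 header (version 4, IHL >= 5); -1 if none is found.
int find_ipv4_offset(const std::vector<uint8_t>& frame, size_t max_offset) {
    for (size_t off = 0; off <= max_offset && off < frame.size(); ++off) {
        uint8_t b = frame[off];
        if ((b >> 4) == 4 && (b & 0x0F) >= 5) return static_cast<int>(off);
    }
    return -1;
}

int main() {
    std::printf("protocol type: 0x%04x\n",
                static_cast<unsigned>(chdlc_protocol(kSampleFrame)));
    for (size_t off = 3; off <= 5; ++off)
        std::printf("offset %zu -> IP version %d\n", off, ip_version_at(kSampleFrame, off));
    std::printf("IPv4 header found at offset %d\n", find_ipv4_offset(kSampleFrame, 8));
    return 0;
}
```

Running the same check on the first bytes of a few packets from the trace shows which header size makes the version nibble read 4.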