I’m trying to extract all the files that transit through my network card over HTTP or FTP.
I have no problem with HTTP but with FTP files I get incomplete files.
In the capture_loss.log I see packet loss even when I run Bro from a PCAP file (and Wireshark did not miss packets).
The -C option is activated, and I retrieve files with the default extraction script from the Security Onion install (extract.bro). The file I’m trying to retrieve is a .exe (putty from the FTP download).
I tried to download another .exe over FTP and it worked, but my putty.exe can’t be extracted completely. I’m a bit confused.
Any idea how to retrieve my FTP files? Maybe I forgot an option?