(no subject)

Hello Bro developers and users,

I’m new to Bro but I’m thinking about using it in my thesis research. So far the installation of 1.3.2 and 1.2.1 has gone well.

As a test I ran bro against trace1.tcpdump and buffer-overflow-attack.tcpdump which worked fine. Next I created a tcpdump file using tcpdump -w test.out. Tcpdump captured several packets. When bro is run against this file it kicks out an error:

command given: bro -r test.out tcp

error returned:

line 1: warning: event handlers never invoked:
line 1: warning: account_tried

Is there a trick to creating the tcpdump files?

Running FreeBSD 6.2 with libpcap 0.97
Used root for all commands.
$PATH is updated with /usr/local/bro/bin

setenv BROPATH /usr/local/bro/policy:/usr/local/bro/site
setenv BRO_DNS_FAKE 1

Any explanation you can share about this error would be great.
Thanks.

v/r
Thomas Tenhunen
Naval Postgraduate School
Code 368-SFS
ttenhune@nps.edu

On Fri, Oct 05, 2007 at 09:53:00AM -0700, Tenhunen, Thomas (CIV) composed:

> Hello Bro developers and users,
>
> I'm new to Bro but I'm thinking about using it in my thesis research. So far the installation of 1.3.2 and 1.2.1 has gone well.
>
> As a test I ran bro against trace1.tcpdump and buffer-overflow-attack.tcpdump which worked fine. Next I created a tcpdump file using tcpdump -w test.out. Tcpdump captured several packets. When bro is run against this file it kicks out an error:

Do tcpdump -w test.out -s 0
so it captures whole packets

By default, tcpdump only grabs headers.

This is actually not an error but just a warning which you can
typically ignore. See if Bro created any output in conn.log.

Robin