Hi all,
I am experiencing a strange behaviour in BRO that I am not able to
troubleshoot autonomously.
I developed a simple binary protocol analyzer that produces a log file
of type prot1.log.
If I run bro offline on a dedicated pcap it correctly outputs prot1.log
with the proper record.
If I run bro sniffing on an interface and I tcpreplay the pcap on the
sniffed interface I get weird.log with SYN_inside_connection warning.
Is weird preempting the application of my analyzer?
Many thanks in advance,
Valerio