List: bro
Subject: [Bro] Relationship between custom protocol analyzer and weird log
From: Valerio <valerio.click () gmx ! com>
Date: 2017-06-27 16:14:46
Message-ID: d42ca199-4fc3-887e-84f1-553eaaddeffc () gmx ! com
Hi all,
I am experiencing a strange behaviour in BRO that I am not able to
troubleshoot autonomously.
I developed a simple binary protocol analyzer that produces a log file
of type prot1.log.
If I run bro offline on a dedicated pcap it correctly outputs prot1.log
with the proper record.
If I run bro sniffing on an interface and I tcpreplay the pcap on the
sniffed interface I get weird.log with a SYN_inside_connection warning.
Is weird preempting the application of my analyzer?
Many thanks in advance,
Valerio
_______________________________________________
Bro mailing list
bro@bro-ids.org
http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro