[
https://bro-tracker.atlassian.net/browse/BIT-1119?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Seth Hall updated BIT-1119:
---------------------------
Attachment: signature.asc
We could probably do it similarly to how we're doing the detection of invalid
checksums by sampling weirds for a little bit. I also like this approach a
lot. I think that keeping the default settings of Bro working "correctly" in
the normal case is good, but it's awesome to be able to notify people when
things are failing and how they could fix it.
> topic/jsiwek/tcp-improvements
> -----------------------------
>
> Key: BIT-1119
> URL: https://bro-tracker.atlassian.net/browse/BIT-1119
> Project: Bro Issue Tracker
> Issue Type: Improvement
> Components: Bro
> Affects Versions: git/master
> Reporter: Jon Siwek
> Fix For: 2.3
>
> Attachments: signature.asc
>
>
> This branch is in the bro, bro-testing, and bro-testing-private repos and has
> a few changes to improve reporting of TCP connection sizes and gaps (commit
> messages explain in more detail).
> The baseline changes in the external repos all seemed reasonable/explainable
> (or actually fix a problem). There's too much changed to go through
> case-by-case and actually check things, but I did do closer examinations of
> unique differences as I came across them (e.g. try to corroborate Bro results
> via wireshark). Then for those that seem to follow the same trend as
> something I already inspected, I wouldn't manually check.
--
This message was sent by Atlassian JIRA
(v6.2-OD-07-028#6211)
_______________________________________________
bro-dev mailing list
[email protected]
http://mailman.icsi.berkeley.edu/mailman/listinfo/bro-dev
