[
https://bro-tracker.atlassian.net/browse/BIT-1255?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=19963#comment-19963
]
Jon Siwek commented on BIT-1255:
--------------------------------
If anyone has arguments against increasing the default values of
tcp_max_above_hole_without_any_acks and tcp_max_initial_window for 2.4 let me
know, else I'll be doing the change.
> TCP reassembly issue
> --------------------
>
> Key: BIT-1255
> URL: https://bro-tracker.atlassian.net/browse/BIT-1255
> Project: Bro Issue Tracker
> Issue Type: Problem
> Components: Bro
> Affects Versions: git/master, 2.3
> Environment: CentOS 6
> Reporter: Jimmy Jones
> Assignee: Jon Siwek
> Fix For: 2.4
>
> Attachments: out.pcap
>
>
> Been testing bro with some messy (but valid) TCP streams, using docker and
> netem (happy to upload a gist if people are interested).
> The attached file reassembles correctly in wireshark, but bro only gives the
> first 4069 bytes when extracted with the file analysis framework, and
> obviously the wrong hash (md5 is the URI).
--
This message was sent by Atlassian JIRA
(v6.4-OD-15-055#64014)
_______________________________________________
bro-dev mailing list
[email protected]
http://mailman.icsi.berkeley.edu/mailman/listinfo/bro-dev
