> On Jun 22, 2015, at 3:50 PM, Seth Hall <s...@icir.org> wrote:
> 
> I’ve been noticing this message...
> 
> 1232039469.548925 warning in ~/bro/scripts/base/misc/find-filtered-trace.bro, 
> line 48: The analyzed trace file was determined to contain only TCP control 
> packets, which may indicate it's been pre-filtered.  By default, Bro reports 
> the missing segments for this type of trace, but the 'detect_filtered_trace' 
> option may be toggled if that's not desired.
> 
> I have looked at the script yet, but I’ve seen it often enough with traces 
> that I generally think of as “normal” that I suspect there is something buggy 
> in the script.  Anyone have any ideas?

Here’s some history of the decision to add that script if that’s what you’re 
looking for:

https://bro-tracker.atlassian.net/browse/BIT-1119

But as far as whether the script actually misdetects that situation, I also 
didn’t look closely enough to know — feel free to send pcaps if you still find 
the behavior fishy/not-obvious.

- Jon

_______________________________________________
bro-dev mailing list
bro-dev@bro.org
http://mailman.icsi.berkeley.edu/mailman/listinfo/bro-dev
