[
https://bro-tracker.atlassian.net/browse/BIT-854?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14633#comment-14633
]
Seth Hall commented on BIT-854:
-------------------------------
I think the real question with this is what level of support we provide to
"dumping" packets in Bro? Right now it's not something we consider much or put
much effort into validating that it works correctly. I'm going to remove the
milestone from this because it's possible that we address the issue later
either by having timemachine actually dump the packets or from further work on
protocol analysis through the upcoming binpac++ integration.
> problem with VLAN/MPLS packet dumping
> -------------------------------------
>
> Key: BIT-854
> URL: https://bro-tracker.atlassian.net/browse/BIT-854
> Project: Bro Issue Tracker
> Issue Type: Problem
> Components: Bro
> Affects Versions: git/master
> Reporter: Jon Siwek
>
> report from Carsten Langer:
> {noformat}
> By the way: you have in my opinion a problem with packet dumping. If the
> trace contains VLAN or MPLS, you strip off VLAN/MPLS and if then you
> dump the packet, then the dumped trace is missing the Ethernet header
> for these packets, while the Ethernet header is still there for packets
> which did not have VLAN/MPLS. My previous GTP-detunneling did the same
> mistake, now I have introduced a fake Ethernet header so that if the
> packet is dumped, is still has its Ethernet header.
> {noformat}
--
This message was sent by Atlassian JIRA
(v6.2-OD-01#6204)
_______________________________________________
bro-dev mailing list
[email protected]
http://mailman.icsi.berkeley.edu/mailman/listinfo/bro-dev
