Missing last TCP segment

Description

Possibly related to BIT-1240, I've got a sample (attached) where the penultimate TCP segment of the HTTP response is missing.

Using the file analysis framework I'm extracting the payload, but I don't get any of the last segment. Without the fix in additionally the NULL padding for the missing packets happens in the wrong place.

Used the following Bro script:

event file_new(f: fa_file) {
    # Attach the extraction analyzer to every new file, naming the output after the file ID.
    Files::add_analyzer(f, Files::ANALYZER_EXTRACT, [$extract_filename=f$id]);
}

Environment

CentOS 6

Assignee

Unassigned

Reporter

Jimmy Jones

Labels

None

External issue ID

None

Priority

Normal
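
The behaviour the description expects from extraction, written as an added Python example (not part of the original report and not Bro's own code): a missing segment becomes NUL padding at its own offset and the segment after it is still written. The function name, the sample segments and the assumption that the total length is known (for instance from Content-Length) are constructed for illustration.

```python
# Added illustration: gap-aware reassembly of one direction of a TCP stream.
# Names and sample data are constructed; this is not Bro's implementation.

def reassemble(segments, first_seq, total_len):
    """Rebuild total_len bytes from (seq, payload) pairs.

    first_seq is the sequence number of the first payload byte.
    Bytes never captured stay as NUL padding at their own offset, and
    data that arrives after a gap is still placed where it belongs.
    Overlapping retransmissions: the copy processed last wins.
    Returns (data, gaps) with gaps as a list of (offset, length).
    """
    buf = bytearray(total_len)               # NUL-filled by default
    seen = bytearray(total_len)              # 1 where a byte was captured
    for seq, payload in segments:
        off = (seq - first_seq) & 0xFFFFFFFF  # relative offset, survives wrap
        if off >= total_len:
            continue                         # outside the expected body
        chunk = payload[: total_len - off]
        buf[off : off + len(chunk)] = chunk
        seen[off : off + len(chunk)] = b"\x01" * len(chunk)

    gaps, start = [], None
    for i, flag in enumerate(seen):
        if not flag and start is None:
            start = i                        # a gap opens here
        elif flag and start is not None:
            gaps.append((start, i - start))  # gap closed by captured data
            start = None
    if start is not None:                    # gap runs to the end of stream
        gaps.append((start, total_len - start))
    return bytes(buf), gaps


# Constructed sample: four 4-byte segments, the penultimate one (seq 1008)
# was never captured, and the last one arrives out of order.
SAMPLE = [(1012, b"DDDD"), (1000, b"AAAA"), (1004, b"BBBB")]

if __name__ == "__main__":
    data, gaps = reassemble(SAMPLE, first_seq=1000, total_len=16)
    print(data, gaps)
```

Comparing the reported gap offsets with where the NUL bytes sit in an extracted file shows whether the padding landed in the right place and whether the trailing segment was dropped.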