TCP reassembly issue

Description

Been testing bro with some messy (but valid) TCP streams, using docker and netem (happy to upload a gist if people are interested).

The attached file reassembles correctly in wireshark, but bro only gives the first 4069 bytes when extracted with the file analysis framework, and obviously the wrong hash (md5 is the URI).

Environment

CentOS 6

Assignee

Jon Siwek

Reporter

Jimmy Jones

Labels

None

External issue ID

None

Components

Fix versions

Affects versions

Priority

Normal
Configure