zeek-junk-drawer
Detect-tor.bro not detecting traffic in live network
Hi,
I tried the detect-tor.bro script on a Security Onion system for capturing Tor packets, but it's not capturing any Tor packets.
Followed steps:
1) added the script in the /nsm/bro/share/bro/policy/frameworks/files/ path
2) loaded the script into the local.bro script
3) in broctl, I executed the check, install, restart commands
4) created the Tor traffic using Tor Browser
You need to give more information. A packet capture would be ideal.
Followed steps in Security Onion:
- added the script in the /nsm/bro/share/bro/policy/frameworks/files/ path
- loaded the script into the local.bro script
- in broctl, I executed the check, install, restart commands
- created the Tor traffic using Tor Browser
I suspect you just aren't tripping the thresholds defined in that script. Please read through the variables in the export section, you will probably need a bit more activity than you are doing. Again, a packet capture would be ideal.
Hmm, I think my Tor packet generating area has a problem. Do you have any idea about how to create Tor traffic?
Hi, thank you. My new local setup is working fine without changing any tor_cert_threshold value. Now we are testing with a live network setup; the packets will come from outside the network, and we know Tor packets are coming to my network, but it's not detecting Tor using this script. Do we need to add extra cases? Or are there any other Bro scripts? And do you know any extra Tor-related logic? Thank you