[Bro] Trouble with ASYMMETRIC FTP traffic
vern at icir.org
Wed Mar 14 20:10:30 PDT 2007
> I am trying to analyze asymmetric (one sided) FTP traffic.
It's not clear what you mean by one-sided. If you mean you only see either
the client side or the server side, unfortunately Bro rarely operates well
when faced with only half of the dialog in a connection. Probably what's
failing is that there's no connection_established event because you're
not seeing a SYN/SYN-ACK exchange.
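
Added example, not part of the original message and not Bro code: a quick way to check whether a capture shows both sides of each TCP handshake, which is the condition the reply above points to. The tcpdump-style sample lines, the addresses and the classify function are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed `tcpdump -nn` style lines, not taken from the thread.
SAMPLE = """\
20:10:30.000001 IP 10.0.0.5.40000 > 192.0.2.10.21: Flags [S], seq 100, win 65535, length 0
20:10:30.000900 IP 192.0.2.10.21 > 10.0.0.5.40000: Flags [S.], seq 500, ack 101, win 65535, length 0
20:10:30.001000 IP 10.0.0.5.40000 > 192.0.2.10.21: Flags [.], ack 501, win 65535, length 0
20:10:31.000001 IP 10.0.0.6.40001 > 192.0.2.10.21: Flags [S], seq 200, win 65535, length 0
20:10:31.002000 IP 10.0.0.6.40001 > 192.0.2.10.21: Flags [.], ack 901, win 65535, length 0
20:10:31.003000 IP 10.0.0.6.40001 > 192.0.2.10.21: Flags [P.], seq 201:216, ack 901, win 65535, length 15
20:10:32.000500 IP 192.0.2.10.21 > 10.0.0.7.40002: Flags [S.], seq 700, ack 301, win 65535, length 0
"""

LINE = re.compile(r"IP (\S+)\.(\d+) > (\S+)\.(\d+): Flags \[([^\]]*)\]")

def classify(text):
    """Map each TCP connection (sorted endpoint pair) to a handshake verdict."""
    state = defaultdict(lambda: {"syn": False, "synack": False, "senders": set()})
    for line in text.splitlines():
        m = LINE.search(line)
        if not m:
            continue  # not a TCP line in the expected format
        src, dst, flags = (m[1], int(m[2])), (m[3], int(m[4])), m[5]
        conn = state[tuple(sorted((src, dst)))]  # same key for both directions
        conn["senders"].add(src)
        if "S" in flags:
            # tcpdump prints a bare SYN as [S] and a SYN-ACK as [S.]
            conn["synack" if "." in flags else "syn"] = True
    verdicts = {}
    for key, conn in state.items():
        if conn["syn"] and conn["synack"]:
            verdicts[key] = "handshake seen"
        elif len(conn["senders"]) == 1:
            verdicts[key] = "one-sided: only %s:%d sends" % next(iter(conn["senders"]))
        else:
            verdicts[key] = "both directions, handshake missed"
    return verdicts

if __name__ == "__main__":
    for key, verdict in classify(SAMPLE).items():
        print(key, verdict)
```

Connections reported as one-sided are the ones where the monitor never saw a complete SYN/SYN-ACK exchange.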