[Bro] Trouble with ASYMETRIC FTP traffic

Vern Paxson vern at icir.org
Wed Mar 14 20:10:30 PDT 2007

>   I am trying to analyze asymmetric (one sided) FTP traffic.

It's not clear what you mean by one-sided.  If you mean you only see either
the client side or the server side, unfortunately Bro rarely operates well
when faced with only half of the dialog in a connection.  Probably what's
failing is that there's no connection_established event because you're
not seeing a SYN/SYN-ACK exchange.


