[Bro] HTTP and unmatched_HTTP_reply
vern at icir.org
Wed Oct 31 13:03:06 PDT 2007
> When running bro (1.3.2), I get several 'unmatched_HTTP_reply'
> statements, and looking at the output in http.log I get several
> '<unknown request>'. I then printed out the conn_id for these
> requests, then did a random sampling of those within the pcap. All
> of the sessions looked ok, as in no different than the successfully
> matched request/reply flows. What might cause these unmatched replies?
> bro -r my.pcap http http-request http-reply http-body
Any chance you could send us my.pcap?