[Bro] weird: spontaneous_FIN problem for HTTP log
buptmazhen at gmail.com
Thu Dec 23 00:12:05 PST 2010
I've captured a HTTP packet file using tcpdump. But when I read it with bro,
it shows message as following and I can't get log file:
1271639268.624587 weird: spontaneous_FIN
1271639268.624655 weird: spontaneous_FIN
1271639268.624759 weird: spontaneous_FIN
1271639277.565623 weird: above_hole_data_without_any_acks
1271639281.963865 weird: spontaneous_FIN
1271639282.625769 weird: above_hole_data_without_any_acks
1271639283.776172 weird: spontaneous_FIN
My command is "bro -r XXX.trace http-reply http-header". I can get log file
if I use "bro -r XXX.trace mt", but the output log file is not http
information and is not what I want.
Will anyone help me to fix this?
Tsinghua University, Beijing
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Bro