[Bro] weird: spontaneous_FIN problem for HTTP log
vern at icir.org
Thu Dec 23 09:06:15 PST 2010
> My command is "bro -r XXX.trace http-reply http-header". I can get a log file
> if I use "bro -r XXX.trace mt", but the output log file is not HTTP
> information and is not what I want.
Are you sure the trace has packet payloads? The other question is
whether it's unidirectional, as above_hole_data_without_any_acks indicates
the analyzer is only seeing one side of a connection (or is processing
a trace with heavy measurement loss).
If the above aren't the problem, then please send a snippet to me (or the list)
so we can see about reproducing what's going on.
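
The two questions raised in the reply above (does the trace carry packet payloads, and does it show both directions of each connection) can be checked offline before running the analyzer. The following is an added example, not part of the original message or of Bro. It assumes a classic pcap file with Ethernet framing and IPv4; `audit_trace`, `make_pcap`, `tcp_frame` and the sample frames are constructed for illustration.

```python
import struct
from collections import defaultdict

def tcp_frame(src, dst, sport, dport, payload=b""):
    """Constructed Ethernet/IPv4/TCP frame for the sample (checksums left zero)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                     bytes(src), bytes(dst))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, 0x18, 8192, 0, 0)
    return b"\x00" * 12 + b"\x08\x00" + ip + tcp + payload

def make_pcap(frames, snaplen=65535):
    """Constructed classic pcap (little-endian, Ethernet), capped at snaplen."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, snaplen, 1)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, min(len(f), snaplen), len(f)) + f[:snaplen]
    return out

def audit_trace(data):
    """Count truncated packets, captured TCP payload bytes and one-sided connections."""
    end = {0xA1B2C3D4: "<", 0xD4C3B2A1: ">"}.get(struct.unpack("<I", data[:4])[0])
    if end is None or struct.unpack(end + "I", data[20:24])[0] != 1:
        raise ValueError("need a classic pcap file with Ethernet link type")
    off, truncated, payload = 24, 0, 0
    sides = defaultdict(set)          # connection -> endpoints seen sending
    while off + 16 <= len(data):
        caplen, origlen = struct.unpack(end + "II", data[off + 8:off + 16])
        pkt = data[off + 16:off + 16 + caplen]
        off += 16 + caplen
        truncated += caplen < origlen
        if len(pkt) < 54 or pkt[12:14] != b"\x08\x00" or pkt[23] != 6:
            continue                  # not IPv4/TCP, or fixed headers cut off
        tcp = 14 + (pkt[14] & 0x0F) * 4
        if len(pkt) < tcp + 20:
            continue
        # Bound by the IP total length so Ethernet padding is not counted.
        ip_end = min(len(pkt), 14 + struct.unpack("!H", pkt[16:18])[0])
        payload += max(0, ip_end - tcp - (pkt[tcp + 12] >> 4) * 4)
        sport, dport = struct.unpack("!HH", pkt[tcp:tcp + 4])
        a, b = (pkt[26:30], sport), (pkt[30:34], dport)
        sides[frozenset((a, b))].add(a)
    return {"truncated": truncated, "payload_bytes": payload, "connections": len(sides),
            "one_sided": sum(len(s) == 1 for s in sides.values())}

SAMPLE = [  # constructed: one two-way HTTP exchange, one flow seen in one direction only
    tcp_frame([10, 0, 0, 1], [10, 0, 0, 2], 1234, 80, b"GET / HTTP/1.0\r\n\r\n"),
    tcp_frame([10, 0, 0, 2], [10, 0, 0, 1], 80, 1234, b"HTTP/1.0 200 OK\r\n\r\n"),
    tcp_frame([10, 0, 0, 3], [10, 0, 0, 2], 5555, 80, b"GET /x HTTP/1.0\r\n\r\n"),
]
```

A result with `payload_bytes` of 0 and every packet truncated points to a headers-only capture; a high share of `one_sided` connections points to a unidirectional tap or heavy capture loss.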