[Bro] Forcing analyser on partial connections
sridhar.basam at gmail.com
Tue Jun 1 10:58:55 PDT 2010
On Tue, Jun 1, 2010 at 1:51 PM, Vern Paxson <vern at icir.org> wrote:
> > I have some very long lived http connections where the capture file
> > have the tcp setup packets. Is there a way to force the analyser to run
> > such partial connections?
> Which version of Bro are you using, and with what options? In 1.5.1, the
> settings are such that HTTP analysis should work on partial connections
> if you're not running with --use-binpac. (By default, this is indeed off.)
Thanks, i will upgrade to 1.5.1. I am currently using 1.4.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Bro