[Bro] Extracting content types of the HTTP responses

Po-Ching Lin pachinko.tw at gmail.com
Sun Oct 21 18:37:46 PDT 2012


Dear all,

Recently, we analyze the content types of the HTTP responses
in some traces. We find some content types are not accurately recorded
in the http.log. The attached PCAP file is an example. In the file, the
content type of the second response is "application/x-javascript," but
Bro (ver. 2.1) simply records "text/plain" for the response in the http.log.
Please suggest how we can make Bro record the accurate content type in
the log. Many thanks.

Po-Ching

-------------- next part --------------
A non-text attachment was scrubbed...
Name: bro_javascript.pcap
Type: application/octet-stream
Size: 3179 bytes
Desc: not available
Url : http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20121022/ce10bd5f/attachment.obj 


More information about the Bro mailing list