[Bro] Quick question

Seth Hall seth at icir.org
Fri Mar 22 12:56:13 PDT 2013


On Mar 22, 2013, at 3:33 PM, James Lay <jlay at slave-tothe-box.net> wrote:

> 206.169.145.206 80      tcp     HTTP::MD5       x.x.x.x 
> 
> What's this telling me?  Usually there's something like Invalid Cert or 
> something like that in the notice.log to tell me why it hit, just wasn't 
> seeing the reason here.  Thank you.


I *hate* that notice and it will be going away in the 2.2 release.  The notice type is HTTP::MD5 in that line.  It's a hold over from how I implemented file hashing originally back in 2007 or so.  It should never have made it into a Bro release (let alone two!).

  .Seth

--
Seth Hall
International Computer Science Institute
(Bro) because everyone has a network
http://www.bro.org/





More information about the Bro mailing list