[Bro] http.log mime_type miss match

김희철 hckim at narusec.com
Wed Jun 11 01:58:59 PDT 2014


Hi everyone,

I am testing some music streaming services and found that one of them has a
mismatching mime_type compared to Wireshark.

Wireshark's type is audio/mpeg, but Bro's http.log is text/plain.

Is Bro 2.1 outputting the wrong type, or do I have to write a custom Bro
script?



This is the Bro 2.1 http.log:

Jun 10 09:20:29 6a7HgNEZlOb 192.X.X.X 53796 8.20.213.33 80 1 POST
stream66c-he.grooveshark.com /stream.php
http://grooveshark.com/static/JSQueue_20140421162423.swf Mozilla/5.0
(Macintosh; Intel Mac OS X 10_9_3) AppleWebKit/537.36 (KHTML, like Gecko)
Chrome/35.0.1916.114 Safari/537.36 104 10296924 200 OK - - - (empty) - - -
text/plain - -


This is the Wireshark screenshot link:

http://ex.narusec.com/data/public/2b0474.php


And this is the pcap file (it's about 733MB):

http://ex.narusec.com/data/public/23fac8.php