[Bro] tx_hosts and rx_hosts in files.log
ali at ashemery.com
Mon Jun 1 03:07:19 PDT 2015
You're welcome. Hope it will be corrected soon.
On Mon, Jun 1, 2015 at 12:35 AM, Vlad Grigorescu <vlad at grigorescu.org> wrote:
> Thanks for the bug report. Looks like this comes from the assumption made
> On Sat, May 30, 2015 at 2:16 PM, Ali Hadi <ali at ashemery.com> wrote:
>> If you use the PCAP below and analyze it using Bro:
>> Then when checking the files.log, the tx_hosts is supposed to show the
>> host who transmitted the file, and rx_hosts is for the host who received
>> the file based on Bro's documentation:
>> If you do the following:
>> cat files.log | bro-cut fuid tx_hosts rx_hosts | grep <ID OF THE LEAKED PDF FILE>
>> You'll get that the TX Host IP (SrcIP) is 192.168.121.176 and
>> not 192.168.121.179 !!!
>> Is there something I'm doing wrong, or has Bro switched their positions
>> in the output?
>> Thanks in advance,