[Bro] long SSH connection in conn.log
sven at dreyer-net.de
Thu Sep 3 15:08:56 PDT 2015
I started an SSH connection in my LAN on 3:32pm which lasted until
07:04pm - so we're talking about an SSH session lasting 3 1/2 hours.
In my conn.log files, I find this single SSH connection as 5 connections:
1) conn_state S1, service ssh
2-4) conn_state OTH, service -
5) conn_state SF, service -
Bro was started before the SSH connection was initiated, so I'd expect a
single conn.log entry to be written when I disconnect. Or did I get
something wrong here?
More information about the Bro