[Bro] Problem with connections in S1 and SF state
jan.grashoefer at gmail.com
Wed Apr 27 07:49:06 PDT 2016
> bro shows a connection from 10.85.1.1 => 10.85.1.104 (wrong!) in
> conn.log. If instead I read the pcap file using "bro -r", conn.log shows
> a connection from 10.85.1.104 => 10.85.1.1 (correct!).
Do both log lines differ only in receiver/originator? If there are
packets missing in your replayed test it is likely that there is an
issue with capturing the traffic.
More information about the Bro