[Bro] Problem with connections in S1 and SF state

Jan Grashöfer jan.grashoefer at gmail.com
Wed Apr 27 07:49:06 PDT 2016

Hi Sven,

> bro shows a connection from => (wrong!) in
> conn.log. If instead I read the pcap file using "bro -r", conn.log shows
> a connection from => (correct!).

Do both log lines differ only in receiver/originator? If there are
packets missing in your replayed test it is likely that there is an
issue with capturing the traffic.

Best regards,

More information about the Bro mailing list