[Bro] conn history

Seth Hall seth at icir.org
Thu Nov 3 05:34:05 PDT 2016

> On Nov 3, 2016, at 8:14 AM, erik clark <philosnef at gmail.com> wrote:
> What does a history of - imply about a connection in conn.log? I have a significant number of conn events with that for a history, and I am wondering if this is possibly because of duplicate packets. Thanks!

I'm not sure off hand.  I checked some code and can't quite explain it.  Can you send me some of your conn log entries off list where you are seeing this?  I wonder if there are any other clues in the log.


Seth Hall
International Computer Science Institute
(Bro) because everyone has a network

More information about the Bro mailing list