[Bro] Bro doesn't detect SSH version in local network
egoant495 at gmail.com
Wed Jun 21 07:37:12 PDT 2017
The offloading is disabled on both NIC's and the -C option also doesn't do
While reading pcap of a saved ssh traffic bro outputs a warning:
# /usr/local/bro/bin/bro -C -r /root/eth1-ssh.cap
1497975118.771257 warning: Stream SOrfileNrXm8iGmlR6 is already queued for
removal. Ignoring remove.
while on a pcap from the other interface:
# /usr/local/bro/bin/bro -C -r /root/eth0-ssh.cap
OpenSSH OpenSSH_6.0p1 Debian-4+deb7u3
2017-06-21 17:21 GMT+03:00 Azoff, Justin S <jazoff at illinois.edu>:
> > On Jun 21, 2017, at 8:45 AM, Anton Egorov <egoant495 at gmail.com> wrote:
> > Hi,
> > Bro somehow doesn't detect the SSH client version when listening on a
> local network interface.
> - Justin Azoff
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Bro