[Bro] source ip and destination ip have been swapped in bro logs

Ul Asad, Hafiz Hafiz.Ul-Asad.1 at city.ac.uk
Fri Oct 6 04:27:19 PDT 2017


I have noticed in my bro notices.log that, for a connection, the source_ip and destination_ip, as well as the corresponding ports, have been swapped. Is there any explanation for it somewhere, and how to find for which connection bro does this?
