[Bro-Dev] Weird behavior in Katrina's code.
Katrina LaCurts
katrina at csail.mit.edu
Wed Dec 8 14:36:46 PST 2010
This was tricky to track down. Basically, I had screwed up the connection state when doing a check for un-acked data after a reset. It's now correct, and conn.log should have the expected output.
On Dec 2, 2010, at 4:19 PM, Boris Nechaev wrote:
> On 12/01/2010 07:23 PM, Vern Paxson wrote:
>>> 1266506673.653157 ip1 port1 ip2 port2 60 0 888448966 0 S
>>> 1266506673.653530 ip2 port2 ip1 port1 40 0 1921250427 888448967 RA
>>> 1266506676.651348 ip1 port1 ip2 port2 60 0 888448966 0 S
>>> 1266506676.651708 ip2 port2 ip1 port1 40 0 570721244 888448967 RA
>>> 1266506682.651195 ip1 port1 ip2 port2 60 0 888448966 0 S
>>> 1266506682.651622 ip2 port2 ip1 port1 40 0 1779909088 888448967 RA
>>> 1266506694.651297 ip1 port1 ip2 port2 60 0 888448966 0 S
>>> 1266506694.651669 ip2 port2 ip1 port1 40 0 2051408459 888448967 RA
>>> 1266506718.651252 ip1 port1 ip2 port2 60 0 888448966 0 S
>>> 1266506718.651676 ip2 port2 ip1 port1 60 0 3793171500 888448967 SA
>>>
>> This is a pattern that Bro will interpret differently depending on the
>> setting of various timeouts defined in bro.init.
>> ...
>> Could that be what's going on?
>>
>
> I've checked this, all the timeouts in bro.init are exactly the same, so
> this not what is going on.
>
> --
> Best regards, Boris Nechaev.
>
> _______________________________________________
> bro-dev mailing list
> bro-dev at bro-ids.org
> http://mailman.icsi.berkeley.edu/mailman/listinfo/bro-dev
More information about the bro-dev
mailing list