[Bro-Dev] [JIRA] (BIT-1264) HTTP response not detected on nonstandard port
Jimmy Jones (JIRA)
jira at bro-tracker.atlassian.net
Mon Sep 29 02:26:07 PDT 2014
Jimmy Jones created BIT-1264:
Summary: HTTP response not detected on nonstandard port
Project: Bro Issue Tracker
Issue Type: Problem
Affects Versions: git/master
Environment: CentOS 6
Reporter: Jimmy Jones
Attachments: relaxed.bro, relaxed-http.sig, sample-small2-rsp.pcap, sample-small-rsp.pcap
Using the attached bro script I've tweaked the HTTP signature to match on http responses without the corresponding HTTP request TCP session. I know in a proper setup you should never get single sided traffic, but certainly when using bro as a tool you have to deal with it sometimes.
Bro handles this fine when the HTTP is on port 80, but not when on port 4321 (see attached PCAPs). I'm curious as to why?
This message was sent by Atlassian JIRA
More information about the bro-dev