[Bro-Dev] [JIRA] (BIT-1265) Single sided HTTP POST split

Jimmy Jones (JIRA) jira at bro-tracker.atlassian.net
Mon Sep 29 04:54:07 PDT 2014


Jimmy Jones created BIT-1265:
--------------------------------

             Summary: Single sided HTTP POST split
                 Key: BIT-1265
                 URL: https://bro-tracker.atlassian.net/browse/BIT-1265
             Project: Bro Issue Tracker
          Issue Type: Problem
          Components: Bro
    Affects Versions: git/master
         Environment: CentOS 6
            Reporter: Jimmy Jones
         Attachments: sample-upload2-all.pcap, sample-upload2-req.pcap

Attached two pcap samples, one is a single sided version of the other, an HTTP POST.

When I process the single sided version (sample-upload2-req) conn.log shows two sessions (the HTTP POST tcp connection that has been split) and http.log shows a partial upload. However processing the original sample (sample-upload2-all) everything is as expected - one connection in conn.log and a complete http.log

Are there any parameters I can tweak to make this work?



--
This message was sent by Atlassian JIRA
(v6.4-OD-05-009#64003)


More information about the bro-dev mailing list