[Bro] http_request event
bchen at cs.ucf.edu
bchen at cs.ucf.edu
Sun Jun 19 19:05:01 PDT 2005
Hi Vern,
Thank you for your reply. I have actually loaded all http-related
.bro files,
including http, http-request, http-reply, http-body, etc. I load them
in mt.bro
and run Bro: ./bro -i eth0 mt. I then access a web server from the same
machine
where Bro is running. http-request and http-reply event handlers have
never been
called. Please be noted that I am doing these experiments in a close
environment, a small LAN, which is connected together with a hub and
disconnected from Internet. There are no DNS servers and Gateway here. The
Communicatin is basically point-to-point. Is this environment affecting the
functionality of the http analyzer?
thanks
Bing
Quoting Vern Paxson <vern at icir.org>:
> What exactly are you doing in your script? Note that "@load http" won't
> do it - you need "@load http-request" or "@load http-reply" to get
> request/replies, respectively.
>
> Vern
>
More information about the Bro
mailing list