[Bro] http_request event

Vern Paxson vern at icir.org
Sun Jun 19 19:53:35 PDT 2005


The next step is to record the traffic with tcpdump -w (using a snapshot
of -s 0 to capture entire packets) and then run bro against the trace using
bro -r trace rather than running it live.  If it doesn't log any HTTP
session information, look at the trace using tcpdump -v -v to see whether
it *contains* any tcpdump traffic, and whether the traffic has valid
checksums.

		Vern
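Added example, not part of the original message: a Python sketch of the two checks the message asks for on a recorded packet, namely that the IP and TCP checksums verify and that the snapshot length did not cut the packet short. The function names, addresses, ports and payload are constructed for illustration, and the input is assumed to be a raw IPv4 packet with the link-layer header already removed.

```python
import struct

def inet_sum(data: bytes) -> int:
    """RFC 1071 one's-complement sum of 16-bit words, folded to 16 bits."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total

def check_ipv4_tcp(pkt: bytes) -> dict:
    """Verify the IP header and TCP checksums of one raw IPv4 packet."""
    if pkt[0] >> 4 != 4 or pkt[9] != 6:
        raise ValueError("not IPv4/TCP")
    ihl = (pkt[0] & 0x0F) * 4
    total_len = struct.unpack("!H", pkt[2:4])[0]
    # A capture taken with too small a snapshot length stores fewer bytes
    # than the IP header announces; the TCP checksum cannot be verified then.
    truncated = len(pkt) < total_len
    ip_ok = inet_sum(pkt[:ihl]) == 0xFFFF
    seg = pkt[ihl:total_len]
    # Pseudo-header: source, destination, zero, protocol 6, TCP length.
    pseudo = pkt[12:20] + struct.pack("!BBH", 0, 6, total_len - ihl)
    tcp_ok = (not truncated) and inet_sum(pseudo + seg) == 0xFFFF
    return {"ip_ok": ip_ok, "tcp_ok": tcp_ok, "truncated": truncated}

def build_sample(payload: bytes) -> bytes:
    """Constructed packet 192.0.2.1:40000 -> 192.0.2.2:80, checksums correct."""
    src, dst = bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2])
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 1, 1, 5 << 4, 0x18,
                      65535, 0, 0) + payload
    pseudo = src + dst + struct.pack("!BBH", 0, 6, len(tcp))
    tcp = tcp[:16] + struct.pack("!H", 0xFFFF ^ inet_sum(pseudo + tcp)) + tcp[18:]
    ip = struct.pack("!BBHHHBBH", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0) + src + dst
    ip = ip[:10] + struct.pack("!H", 0xFFFF ^ inet_sum(ip)) + ip[12:]
    return ip + tcp

if __name__ == "__main__":
    good = build_sample(b"GET / HTTP/1.0\r\n\r\n")
    corrupted = good[:-1] + bytes([good[-1] ^ 0xFF])  # flip the last payload byte
    for name, pkt in (("good", good), ("corrupted", corrupted), ("cut", good[:40])):
        print(name, check_ipv4_tcp(pkt))
```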


