[Bro] HTTP and unmatched_HTTP_reply
Reed Porada
rporada at ll.mit.edu
Mon Oct 15 14:33:51 PDT 2007
When running bro (1.3.2), I get several 'unmatched_HTTP_reply'
statements, and looking at the output in http.log I get several
'<unknown request>'. I then printed out the conn_id for these
requests, then did a random sampling of those within the pcap. All
of the sessions looked ok, as in no different then the successfully
matched request/reply flows. What might cause these unmatched replies?
Commandline:
bro -r my.pcap http http-request http-reply http-body
Thanks,
-Reed
More information about the Bro
mailing list