[Bro] weird: spontaneous_FIN problem for HTTP log
马振(Zhen Ma)
buptmazhen at gmail.com
Thu Dec 23 00:12:05 PST 2010
Hi!
I've captured an HTTP packet file using tcpdump. But when I read it with bro,
it shows the following messages and I can't get a log file:
1271639268.624587 weird: spontaneous_FIN
1271639268.624655 weird: spontaneous_FIN
1271639268.624759 weird: spontaneous_FIN
1271639277.565623 weird: above_hole_data_without_any_acks
1271639281.963865 weird: spontaneous_FIN
1271639282.625769 weird: above_hole_data_without_any_acks
1271639283.776172 weird: spontaneous_FIN
My command is "bro -r XXX.trace http-reply http-header". I can get a log file
if I use "bro -r XXX.trace mt", but the output log file is not HTTP
information and is not what I want.
Will anyone help me to fix this?
Thanks!
--
Best regards!
Eric,Ma
Tsinghua University, Beijing
Tel:15210836318