[Bro] Forcing analyser on partial connections

[Vern Paxson]

> I have some very long lived http connections where the capture file doesn't
> have the tcp setup packets. Is there a way to force the analyser to run on
> such partial connections?

Which version of Bro are you using, and with what options?  In 1.5.1, the
settings are such that HTTP analysis should work on partial connections
if you're not running with --use-binpac.  (By default, this is indeed off.)

		Vern