[Bro] Forcing analyser on partial connections
sridhar basam
sridhar.basam at gmail.com
Tue Jun 1 10:58:55 PDT 2010
On Tue, Jun 1, 2010 at 1:51 PM, Vern Paxson <vern at icir.org> wrote:
> > I have some very long lived http connections where the capture file doesn't
> > have the tcp setup packets. Is there a way to force the analyser to run on
> > such partial connections?
>
> Which version of Bro are you using, and with what options? In 1.5.1, the
> settings are such that HTTP analysis should work on partial connections
> if you're not running with --use-binpac. (By default, this is indeed off.)
>
> Vern
>
Thanks, I will upgrade to 1.5.1. I am currently using 1.4.
Sridhar