[Bro] Help with http_entity_data script
Seth Hall
seth at icir.org
Thu Dec 5 20:53:19 PST 2013
On Dec 5, 2013, at 11:29 PM, scottie <jwillie4020 at gmail.com> wrote:
> In the http.log its missing the method, host, uri, referrer, and user_agent, even though the method, host and uri are clearly in the pcap:
> 1386301933.281650 CJa1U94yRhXVPIdPde 10.1.40.137 44393 202.58.38.95 80 0 - - - - - 0 235 302 Found - - - (empty) - - -- - FYPqLs2ezZWfT428fi text/html
I didn't try your pcap but I don't think I need to. It looks like you have bad checksums. Run Bro with the -C flag.
.Seth
--
Seth Hall
International Computer Science Institute
(Bro) because everyone has a network
http://www.bro.org/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 495 bytes
Desc: Message signed with OpenPGP using GPGMail
Url : http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20131205/2b824466/attachment.bin
More information about the Bro
mailing list