[Bro] BRO conn.log - connection flow direction wrong - non standard telnet port connection
Seth Hall
seth at icir.org
Mon Nov 4 05:50:24 PST 2013
On Nov 3, 2013, at 10:34 PM, Konrad Weglowski <knrd at rogers.com> wrote:
> zcat conn.00\:00\:00-01\:00\:00.log.gz | bro-cut -d ts uid proto conn_state history | grep BuR4quUCRKe
> 2013-11-03T00:41:24+0000 BuR4quUCRKe tcp SH Fa
Could you capture some packets from one of these connections and send it to me? There must be something else going on here.
> 2013-11-03T00:11:59+0000 900.000034 bro 0 669214 0.000%
> 2013-11-03T00:26:59+0000 900.000020 bro 0 675273
This looks good at least.
.Seth
--
Seth Hall
International Computer Science Institute
(Bro) because everyone has a network
http://www.bro.org/