[Bro] A strange connection
Po-Ching Lin
pachinko.tw at gmail.com
Sun Jan 25 04:42:47 PST 2015
I saw a strange connection in a connection log. In this connection, the original bytes
are 114,502,461, but most of the bytes are simply missing (114,502,154 bytes
according to the missed bytes field). The original IP bytes are relatively few
(only 519 bytes). What is the possible cause of the large sequence gap? Is it due to
capture loss? Thanks.
1419498119.991707 CLQP0QdahFaFha0U2 140.x.x.x 58967 66.171.248.x 80 tcp http 253.220343 114502461 592490922 SF T 114502154
ShADadfF 5 519 6 578 (empty)
Po-Ching
More information about the Bro
mailing list