[Bro] Problem with connections in S1 and SF state
Sven Dreyer
sven at dreyer-net.de
Thu Apr 28 06:48:36 PDT 2016
Hi Jan,
On 27.04.2016 at 16:49, Jan Grashöfer wrote:
> Do both log lines differ only in receiver/originator? If there are
> packets missing in your replayed test it is likely that there is an
> issue with capturing the traffic.
You are right, they only differ in receiver/originator.
Thanks for the hint, but I don't think that packet loss is the problem
here, because conn.log says that Bro saw the initial connection setup
(ShA flags in history field). That should be sufficient to tell who's
the originator.
I also repeated playback several times with different speeds, the result
is reproducible.
Thanks,
Sven