[Bro] Problem with connections in S1 and SF state

[Sven Dreyer]

Am 27.04.2016 um 16:59 schrieb James Lay:
> Read this thread:
>
> http://thread.gmane.org/gmane.comp.security.detection.bro/9211
>
> It might help.

Thanks James.

In my case, it's not UDP, but TCP. Due to the handshake at the beginning 
of a TCP connection, initiator and receiver of the connection can be 
distinguished, and conn.log says that bro saw the initial connection 
setup (ShA flags in history field).

Thanks,
Sven