[Bro] conn history

Seth Hall seth at icir.org
Thu Nov 3 05:34:05 PDT 2016


> On Nov 3, 2016, at 8:14 AM, erik clark <philosnef at gmail.com> wrote:
> 
> What does a history of - imply about a connection in conn.log? I have a significant number of conn events with that for a history, and I am wondering if this is possibly because of duplicate packets. Thanks!

I'm not sure off hand.  I checked some code and can't quite explain it.  Can you send me some of your conn log entries off list where you are seeing this?  I wonder if there are any other clues in the log.

  .Seth

--
Seth Hall
International Computer Science Institute
(Bro) because everyone has a network
http://www.bro.org/




More information about the Bro mailing list