[Bro] conn history
Seth Hall
seth at icir.org
Thu Nov 3 05:34:05 PDT 2016
> On Nov 3, 2016, at 8:14 AM, erik clark <philosnef at gmail.com> wrote:
>
> What does a history of - imply about a connection in conn.log? I have a significant number of conn events with that for a history, and I am wondering if this is possibly because of duplicate packets. Thanks!
I'm not sure offhand. I checked some code and can't quite explain it. Can you send me some of your conn log entries off list where you are seeing this? I wonder if there are any other clues in the log.
.Seth
--
Seth Hall
International Computer Science Institute
(Bro) because everyone has a network
http://www.bro.org/