[Bro] How to detect transparent proxy by BRO IDS (2.4.1)

Hafiz Shafiq hms.uet at gmail.com
Sun Oct 23 21:36:08 PDT 2016


Sir,
Our network administrator is using proxy in transparent mode (SQUID). In
this mode , there is no need for user to configure proxy option on his
computer. I have captured few hours traffic via tcpdump and when I run bro,
to know about http trafffic and defferent apps used (like google, youtube
etc.). I am amazed to know that there is even not http.log and
app_stats.log files generated. Is it some problem in bro configuration. I
have searched from its manual, infomation given about proxy could not solve
my problem. I have checked load_scripts.log. I shows that http analyzer is
loaded.
Can you please guide me about this issue ?

Regards

Hafiz Muhammad Shafiq
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20161024/0d93a37d/attachment.html 


More information about the Bro mailing list