[Bro] Bro behind a TLS reverse proxy
Brandon Sterne
brandon.sterne at gmail.com
Tue Apr 10 14:52:02 PDT 2018
Thank you for responding. I have a simplified testcase that doesn't require
nginx:
[shell1]$ sudo tcpdump -s 0 -i lo -w lo-port-80.pcap "port 80"
[shell2]$ sudo python -m SimpleHTTPServer 80
[shell3]$ curl localhost
[shell1]$ ^C
[shell1]$ tshark -t ud -r lo-port-80.pcap
Note the timestamps for any SYN-ACK packets in the captured streams.
Cheers,
Brandon
On Tue, Apr 10, 2018 at 2:46 PM, Hovsep Levi <hovsep.sanjay.levi at gmail.com>
wrote:
> Still could be a network driver issue. What kind of card is eth0?
>
> Your original problem looks like Bro is inline or on the same network
> instead of behind the nginx proxy. Maybe even running on the nginx
> proxy?
>
>
>
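An offline way to list the SYN-ACK timestamps that the test case above asks readers to note, as an added example that is not part of the original post. It assumes a classic microsecond pcap with Ethernet link type and IPv4; the function names and the three-packet capture are constructed for illustration.

```python
import socket
import struct

def syn_ack_times(pcap):
    """Return (sec, usec, src, dst) for each IPv4 TCP segment with SYN and ACK set."""
    if pcap[:4] == b"\xd4\xc3\xb2\xa1":
        end = "<"                      # file written little-endian
    elif pcap[:4] == b"\xa1\xb2\xc3\xd4":
        end = ">"                      # file written big-endian
    else:
        raise ValueError("not a classic microsecond pcap file")
    if struct.unpack(end + "I", pcap[20:24])[0] != 1:
        raise ValueError("expected Ethernet link type (assumption of this example)")
    hits, off = [], 24
    while off + 16 <= len(pcap):
        sec, usec, caplen, _ = struct.unpack(end + "IIII", pcap[off:off + 16])
        frame = pcap[off + 16:off + 16 + caplen]
        off += 16 + caplen
        # Keep only Ethernet frames carrying IPv4 (0x0800) with protocol 6 (TCP).
        if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[14] >> 4 != 4 or frame[23] != 6:
            continue
        tcp = frame[14 + (frame[14] & 0x0F) * 4:]
        if len(tcp) >= 14 and (tcp[13] & 0x12) == 0x12:   # SYN (0x02) + ACK (0x10)
            sport, dport = struct.unpack("!HH", tcp[:4])
            src = socket.inet_ntoa(frame[26:30])
            dst = socket.inet_ntoa(frame[30:34])
            hits.append((sec, usec, f"{src}:{sport}", f"{dst}:{dport}"))
    return hits

def _frame(sport, dport, flags):
    """Build one constructed Ethernet/IPv4/TCP frame on 127.0.0.1 (checksums left at 0)."""
    lo = bytes([127, 0, 0, 1])
    eth = b"\x00" * 12 + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0, lo, lo)
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, flags, 65535, 0, 0)
    return eth + ip + tcp

def sample_pcap():
    """Constructed capture: SYN, SYN-ACK, ACK of one loopback connection to port 80."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for usec, sport, dport, flags in [(100, 40000, 80, 0x02), (150, 80, 40000, 0x12), (180, 40000, 80, 0x10)]:
        f = _frame(sport, dport, flags)
        out += struct.pack("<IIII", 1000, usec, len(f), len(f)) + f
    return out

if __name__ == "__main__":
    for sec, usec, src, dst in syn_ack_times(sample_pcap()):
        print(f"{sec}.{usec:06d}  SYN-ACK  {src} -> {dst}")
```

To run it against a real capture, pass the file's bytes, for example `syn_ack_times(open("lo-port-80.pcap", "rb").read())`.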