[Bro] Gigamon issues

Carl Rotenan carlrotenan at gmail.com
Mon Jun 4 08:43:44 PDT 2018


Hello,

I'm trying to extract files from traffic coming from a Gigamon box doing
SSL decryption, but Bro doesn't seem to like or be able to comprehend the
data. I get the following entries in my weird.log file. Does anyone have a
Gigamon they are able to do this with, or any ideas what the logs seem to
indicate?

Thanks,

Carl

#separator \x09
#set_separator ,
#empty_field (empty)
#unset_field -
#path weird
#open 2018-06-04-11-37-09
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer
#types time string addr port addr port string string bool string
1528122717.528452 Cqshm33SbZlmFKbUn2 10.1.10.122 52544 134.213.72.175 80 SYN_seq_jump - F bro
1528122720.752922 Cqshm33SbZlmFKbUn2 10.1.10.122 52544 134.213.72.175 80 window_recision - F bro
1528122782.018423 Ccnbkv2S8zjS0Znc35 10.1.10.122 52545 134.213.72.175 80 SYN_seq_jump - F bro
1528122782.018433 Ccnbkv2S8zjS0Znc35 10.1.10.122 52545 134.213.72.175 80 TCP_ack_underflow_or_misorder - bro
1528122782.237519 Ccnbkv2S8zjS0Znc35 10.1.10.122 52545 134.213.72.175 80 TCP_seq_underflow_or_misorder - bro
1528122805.509482 Cd5o3I37LutpcsMP8a 10.1.10.122 52546 134.213.72.175 80 SYN_seq_jump - F bro
1528122808.723988 Cd5o3I37LutpcsMP8a 10.1.10.122 52546 134.213.72.175 80 window_recision - F bro
#close 2018-06-04-11-37-09
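
For triaging a weird.log like the one posted above, this added example (not part of the original message and not Bro's own code) parses Bro's tab-separated log format from its own header lines and groups the weird names seen per connection uid. The sample rows, uids and addresses are constructed, and the function names are hypothetical.

```python
from collections import defaultdict

# Constructed sample in Bro's TSV log layout; uids and addresses are made up.
HEADER = ["#separator \\x09", "#unset_field\t-", "#path\tweird",
          "#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p"
          "\tname\taddl\tnotice\tpeer"]
CONN = "\t192.0.2.10\t50000\t198.51.100.7\t80\t"
ROWS = ["1528100000.000001\tCexampleA" + CONN + "SYN_seq_jump\t-\tF\tbro",
        "1528100003.000002\tCexampleA" + CONN + "window_recision\t-\tF\tbro",
        "1528100060.000003\tCexampleB" + CONN + "SYN_seq_jump\t-\tF\tbro",
        "1528100060.000004\tCexampleB" + CONN
        + "TCP_ack_underflow_or_misorder\t-\tF\tbro",
        # Truncated row (one column short) to exercise the malformed-row path.
        "1528100060.000005\tCexampleB" + CONN + "TCP_seq_underflow_or_misorder\t-\tbro"]
SAMPLE = "\n".join(HEADER + ROWS)

def parse_bro_log(text):
    """Return (records, skipped) using the log's own #separator/#fields headers."""
    sep, unset, fields, records, skipped = "\t", "-", [], [], 0
    for line in text.splitlines():
        if line.startswith("#separator"):
            # The separator is written escaped (\x09) after a literal space.
            sep = line.split(" ", 1)[1].encode("ascii").decode("unicode_escape")
        elif line.startswith("#"):
            key, *vals = line[1:].split(sep)
            if key == "fields":
                fields = vals
            elif key == "unset_field":
                unset = vals[0]
        elif line:
            cols = line.split(sep)
            if len(cols) != len(fields):
                skipped += 1  # column count does not match #fields
                continue
            records.append({f: None if v == unset else v
                            for f, v in zip(fields, cols)})
    return records, skipped

def weirds_by_connection(records):
    """Count each weird name per connection uid."""
    out = defaultdict(dict)
    for r in records:
        out[r["uid"]][r["name"]] = out[r["uid"]].get(r["name"], 0) + 1
    return dict(out)

if __name__ == "__main__":
    recs, bad = parse_bro_log(SAMPLE)
    for uid, names in weirds_by_connection(recs).items():
        print(uid, names)
    print("malformed rows skipped:", bad)
```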