[Zeek] http body q.

Jon Siwek jsiwek at corelight.com
Tue Jul 30 17:46:04 PDT 2019


On Tue, Jul 30, 2019 at 4:04 PM Dk Jack <dnj0496 at gmail.com> wrote:

> However, in my cluster setup, the end_entity event from response body is coming first, then log-filter call, followed by end entity call for request.

For the pcap you gave, it looks like that is actually the real order
of the packets: the client is in the middle of sending the request
body, but we see the server's OK response before the request is even
finished (server also starts trying to reset connection at that
point).  So seems like it's weirdness to blame on that particular HTTP
server?  Or do you generally see this same pattern for other servers,
too?

- Jon

