Jimmy Jones created BIT-1264:
--------------------------------
Summary: HTTP response not detected on nonstandard port
Key: BIT-1264
URL: https://bro-tracker.atlassian.net/browse/BIT-1264
Project: Bro Issue Tracker
Issue Type: Problem
Components: Bro
Affects Versions: git/master
Environment: CentOS 6
Reporter: Jimmy Jones
Attachments: relaxed.bro, relaxed-http.sig, sample-small2-rsp.pcap,
sample-small-rsp.pcap

Using the attached Bro script, I've tweaked the HTTP signature to match on HTTP
responses without the corresponding HTTP request TCP session. I know in a
proper setup you should never get single-sided traffic, but certainly when
using Bro as a tool you have to deal with it sometimes.

Bro handles this fine when the HTTP is on port 80, but not when on port 4321
(see attached PCAPs). I'm curious as to why?
--
This message was sent by Atlassian JIRA
(v6.4-OD-05-009#64003)
_______________________________________________
bro-dev mailing list
http://mailman.icsi.berkeley.edu/mailman/listinfo/bro-dev