Small bug in TCP_Rewriter

Angelita_de_Cassia_C · July 22, 2005, 5:35pm

Hi Jason,

I need to understand more the alert, the definition of each column.

In your example, could you explain me what each column means?

Sep 18 06:51:41 0.153497 131.243.2.87 131.243.2.13 http 2077 80 tcp 66 239 RSTO X %14
Sep 18 06:51:41 0.162454 131.243.2.87 131.243.2.13 http 2087 80 tcp 70 604 RSTO X %14
Sep 18 06:51:42 0.153911 131.243.2.87 131.243.2.13 http 2100 80 tcp 80 604 RSTO X %14
Sep 18 06:51:42 0.165501 131.243.2.87 131.243.2.13 http 2115 80 tcp 80 604 RSTO X %14

Date/time: Sep 18 06:51:42
Duration of de connection: 0.153497
Origin IP: 131.243.2.87
Victim IP: 131.243.2.13
Victim Protocol: http
???: 2077
Victim Port: 80
Transport Protocol: tcp
???: 66
???: 239 *** (is this the alert SID0?)
???: RSTO
???: X
???: %14

Does the bro use SID to identify the alert description?

Thanks
Angelita

Topic		Replies	Views
using Bro as traffic analyzer. Zeek	18	162	May 6, 2022
handle out of order and retransmitted packets in offline trace Zeek	18	278	May 6, 2022
RE: Few questions... Zeek	1	84	May 6, 2022
Something is not clear to me concerning reporting Zeek	7	122	May 6, 2022
RE: Few questions... Zeek	1	90	May 6, 2022

Small bug in TCP_Rewriter

Related topics