Jason Carr created BIT-1545:
-------------------------------

             Summary: SSH connection not recording entire flow correctly
                 Key: BIT-1545
                 URL: https://bro-tracker.atlassian.net/browse/BIT-1545
             Project: Bro Issue Tracker
          Issue Type: Problem
          Components: Bro
    Affects Versions: git/master, 2.4
         Environment: Ubuntu 14.04 LTS, myricom 10g capture card
            Reporter: Jason Carr
         Attachments: ssh-port22.pcap

Making a connection out to a server via ssh does not write to conn.log while 
running with broctl; it does log to weird.log and ssh.log, but nothing to 
conn.log.

While running bro -C -r ssh-port22.pcap, a partial log entry is listed with an 
incorrect and very low number of packets and bytes.

It was determined that disabling the SSH analyzer gets the correct conn.log 
output. 

Analyzer::disable_analyzer(Analyzer::ANALYZER_SSH);     

Testing on try.bro.org, 2.4+ and master have this problem, but 2.3 and below 
work as expected.

Attached is the SSH connection outbound pcap.



--
This message was sent by Atlassian JIRA
(v7.2.0-OD-03-010#72000)
_______________________________________________
bro-dev mailing list
[email protected]
http://mailman.icsi.berkeley.edu/mailman/listinfo/bro-dev
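
A check for the symptom reported above, as an added example that is not part of the original report or of Bro itself: it cross-references ssh.log against conn.log by uid and flags SSH sessions that have no conn.log entry or an implausibly low packet count. The sample logs are constructed with trimmed columns, and the min_pkts threshold is an assumption.

```python
def tsv(*rows):
    """Build a tab-separated Bro-style log from tuples (constructed sample data)."""
    return "\n".join("\t".join(r) for r in rows) + "\n"

# Constructed ssh.log: three SSH sessions seen by the SSH analyzer.
SSH_LOG = tsv(
    ("#fields", "ts", "uid", "id.orig_h", "id.resp_h", "id.resp_p"),
    ("1.0", "CuidA", "10.0.0.5", "192.0.2.10", "22"),
    ("2.0", "CuidB", "10.0.0.5", "192.0.2.11", "22"),
    ("3.0", "CuidC", "10.0.0.6", "192.0.2.12", "22"),
)
# Constructed conn.log: CuidB is truncated, CuidC is absent, CuidD is not SSH.
CONN_LOG = tsv(
    ("#fields", "ts", "uid", "id.resp_p", "orig_pkts", "resp_pkts"),
    ("1.0", "CuidA", "22", "40", "38"),
    ("2.0", "CuidB", "22", "3", "-"),
    ("4.0", "CuidD", "80", "12", "10"),
)

def parse_bro_log(text):
    """Return data rows as dicts, keyed by the names on the #fields header line."""
    fields, rows = None, []
    for line in text.splitlines():
        if line.startswith("#fields"):
            fields = line.split("\t")[1:]
        elif line and not line.startswith("#"):
            if fields is None:
                raise ValueError("data row before #fields header")
            rows.append(dict(zip(fields, line.split("\t"))))
    return rows

def count(value):
    """Bro writes '-' for an unset field; treat that as zero."""
    return 0 if value in ("-", "", None) else int(value)

def check_ssh_conn_consistency(ssh_text, conn_text, min_pkts=10):
    """Map uid -> finding for SSH sessions whose conn.log record is missing or tiny."""
    conn = {r["uid"]: r for r in parse_bro_log(conn_text)}
    findings = {}
    for row in parse_bro_log(ssh_text):
        rec = conn.get(row["uid"])
        if rec is None:
            findings[row["uid"]] = "missing_from_conn_log"
        elif count(rec.get("orig_pkts")) + count(rec.get("resp_pkts")) < min_pkts:
            findings[row["uid"]] = "low_packet_count"
    return findings

if __name__ == "__main__":
    for uid, finding in check_ssh_conn_consistency(SSH_LOG, CONN_LOG).items():
        print(uid, finding)
```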
