Hi All, I submit this tcpdump file,
on this file, I found multiple web (80/tcp) traffic sessions:

     4 07:27:27.124244 217.21.114.138 -> 217.128.40.168 HTTP Continuation
     7 07:27:47.118987 217.128.40.168 -> 217.21.114.138 HTTP Continuation
    14 07:27:48.445287 217.21.114.138 -> 217.128.40.168 HTTP Continuation
    17 07:28:08.434051 217.128.40.168 -> 217.21.114.138 HTTP Continuation
    24 07:28:09.760728 217.21.114.138 -> 217.128.40.168 HTTP CONNECT 64.157.4.84:25 HTTP/1.1
    26 07:28:09.779377 217.128.40.168 -> 217.21.114.138 HTTP HTTP/1.1 405 Method Not Allowed

but the first two sessions are not clean; look at the apache1327 access_log:

    217.21.114.138 - - [17/Apr/2003:07:27:27 +0200] "\x04\x01" 501 - "-" "-"
    217.21.114.138 - - [17/Apr/2003:07:27:48 +0200] "\x05\x01" 501 - "-" "-"
    217.21.114.138 - - [17/Apr/2003:07:28:09 +0200] "CONNECT 64.157.4.84:25 HTTP/1.1" 405 243 "-" "-"

and error_log:

    [Thu Apr 17 07:27:27 2003] [error] [client 217.21.114.138] Invalid method in request \x04\x01
    [Thu Apr 17 07:27:48 2003] [error] [client 217.21.114.138] Invalid method in request \x05\x01

(and no error found for the CONNECT method in the Apache log ...)

I don't say change the HTTP dissector ... (I am not a C dev)

Thanks for any help or comments.

Regards.

217.21.114.138-attak.tcpdump.gz
Description: GNU Zip compressed data
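
An added example, not part of the original post: the request bytes `\x04\x01` and `\x05\x01` are the opening bytes of a SOCKS4 CONNECT request and a SOCKS5 greeting, and `CONNECT host:port` is the HTTP tunnel method, so the three log entries are one client trying three proxy protocols against port 80. The Python below labels such entries in an Apache access log; the function names and the 192.0.2.10 line are constructed for illustration.

```python
import re

# First three lines are the access_log entries quoted in the post;
# the last line is a constructed benign request for contrast.
SAMPLE_LOG = r'''217.21.114.138 - - [17/Apr/2003:07:27:27 +0200] "\x04\x01" 501 - "-" "-"
217.21.114.138 - - [17/Apr/2003:07:27:48 +0200] "\x05\x01" 501 - "-" "-"
217.21.114.138 - - [17/Apr/2003:07:28:09 +0200] "CONNECT 64.157.4.84:25 HTTP/1.1" 405 243 "-" "-"
192.0.2.10 - - [17/Apr/2003:07:30:00 +0200] "GET /index.html HTTP/1.1" 200 512 "-" "-"
'''

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "((?:[^"\\]|\\.)*)" (\d{3}) ')
HEX_RE = re.compile(r'\\x([0-9a-fA-F]{2})')
CONNECT_RE = re.compile(rb'^CONNECT\s+(\S+):(\d+)\s+HTTP/', re.I)

def raw_request(logged):
    """Undo Apache's \\xNN escaping to recover the bytes the client sent."""
    text = HEX_RE.sub(lambda m: chr(int(m.group(1), 16)), logged)
    return text.encode("latin-1", "replace")

def classify(raw):
    """Return (kind, target) for proxy-style requests, or (None, None)."""
    if raw[:2] == b"\x04\x01":          # SOCKS4: version 4, command 1 (CONNECT)
        return "socks4-connect", None
    if raw[:1] == b"\x05" and len(raw) >= 2 and raw[1] >= 1:
        return "socks5-greeting", None  # SOCKS5: version 5, then method count
    m = CONNECT_RE.match(raw)
    if m:                               # HTTP proxy tunnel request
        return "http-connect", "%s:%s" % (m.group(1).decode(), m.group(2).decode())
    return None, None

def scan(log_text):
    """Map each client to the list of (kind, target, status) probes it sent."""
    probes = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        kind, target = classify(raw_request(m.group(2))) if m else (None, None)
        if kind:
            probes.setdefault(m.group(1), []).append((kind, target, int(m.group(3))))
    return probes

def proxy_scanners(probes, min_kinds=2):
    """Clients that tried at least min_kinds different proxy protocols."""
    return sorted(c for c, p in probes.items() if len({k for k, _, _ in p}) >= min_kinds)

if __name__ == "__main__":
    found = scan(SAMPLE_LOG)
    for client in proxy_scanners(found):
        print(client, found[client])
```

The status column is kept in the result because it is what matters on the defending side: 501 and 405 mean the server refused every attempt, while a 200 on a CONNECT entry would mean the server is acting as an open proxy.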
