Support #1832
missed http log
Status:
Closed
Priority:
Normal
Assignee:
-
Affected Versions:
Label:
Description
I installed and tested Suricata 3.1.
I can't find some HTTP requests in the http log.
tcpdump:
15:22:38.981121 IP 255.53.203.105.59484 > 123.121.166.201.http: Flags [P.], seq 1:503, ack 1, win 256, length 502: HTTP: GET /~sgtatham/putty/0.67/x86/puttytel.exe HTTP/1.1
15:22:39.028003 IP 255.53.203.105.59485 > 123.121.166.201.http: Flags [P.], seq 1:500, ack 1, win 256, length 499: HTTP: GET /~sgtatham/putty/0.67/x86/putty.exe HTTP/1.1
15:22:39.231393 IP 255.53.203.105.59486 > 123.121.166.201.http: Flags [P.], seq 1:499, ack 1, win 256, length 498: HTTP: GET /~sgtatham/putty/0.67/x86/pscp.exe HTTP/1.1
15:22:39.300317 IP 255.53.203.105.59487 > 123.121.166.201.http: Flags [P.], seq 1:500, ack 1, win 256, length 499: HTTP: GET /~sgtatham/putty/0.67/x86/psftp.exe HTTP/1.1
15:22:39.859723 IP 255.53.203.105.59488 > 123.121.166.201.http: Flags [P.], seq 1:500, ack 1, win 256, length 499: HTTP: GET /~sgtatham/putty/0.67/x86/plink.exe HTTP/1.1
15:22:40.465308 IP 255.53.203.105.59489 > 123.121.166.201.http: Flags [P.], seq 1:502, ack 1, win 256, length 501: HTTP: GET /~sgtatham/putty/0.67/x86/pageant.exe HTTP/1.1
15:22:40.993240 IP 255.53.203.105.59484 > 123.121.166.201.http: Flags [P.], seq 503:1005, ack 335053, win 10292, length 502: HTTP: GET /~sgtatham/putty/0.67/x86/puttygen.exe HTTP/1.1
15:22:49.389869 IP 255.53.203.105.59490 > 179-92-239-231.user.vivozap.com.br.http: Flags [P.], seq 1:502, ack 1, win 256, length 501: HTTP: GET /~simon/putty-snapshots/x86/putty.exe HTTP/1.1
15:22:49.464174 IP 255.53.203.105.59491 > 179-92-239-231.user.vivozap.com.br.http: Flags [P.], seq 1:505, ack 1, win 256, length 504: HTTP: GET /~simon/putty-snapshots/x86/puttytel.exe HTTP/1.1
15:22:50.528012 IP 255.53.203.105.59492 > 179-92-239-231.user.vivozap.com.br.http: Flags [P.], seq 1:501, ack 1, win 256, length 500: HTTP: GET /~simon/putty-snapshots/x86/pscp.exe HTTP/1.1
15:22:50.724497 IP 255.53.203.105.59493 > 179-92-239-231.user.vivozap.com.br.http: Flags [P.], seq 1:502, ack 1, win 256, length 501: HTTP: GET /~simon/putty-snapshots/x86/psftp.exe HTTP/1.1
15:22:51.277676 IP 255.53.203.105.59494 > 179-92-239-231.user.vivozap.com.br.http: Flags [P.], seq 1:502, ack 1, win 256, length 501: HTTP: GET /~simon/putty-snapshots/x86/plink.exe HTTP/1.1
15:22:51.789606 IP 255.53.203.105.59495 > 179-92-239-231.user.vivozap.com.br.http: Flags [P.], seq 1:504, ack 1, win 256, length 503: HTTP: GET /~simon/putty-snapshots/x86/pageant.exe HTTP/1.1
15:22:53.290584 IP 255.53.203.105.59491 > 179-92-239-231.user.vivozap.com.br.http: Flags [P.], seq 505:1009, ack 342199, win 967, length 504: HTTP: GET /~simon/putty-snapshots/x86/puttygen.exe HTTP/1.1
http_log:
06/29/2016-15:22:39.268559 the.earth.li [**] /~sgtatham/putty/0.67/x86/puttytel.exe [**] Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36 [**] 255.53.203.105:59484 -> 123.121.166.201:80
06/29/2016-15:22:39.879593 the.earth.li [**] /~sgtatham/putty/0.67/x86/psftp.exe [**] Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36 [**] 255.53.203.105:59487 -> 123.121.166.201:80
06/29/2016-15:22:39.514533 the.earth.li [**] /~sgtatham/putty/0.67/x86/pscp.exe [**] Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36 [**] 255.53.203.105:59486 -> 123.121.166.201:80
06/29/2016-15:22:40.146641 the.earth.li [**] /~sgtatham/putty/0.67/x86/plink.exe [**] Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36 [**] 255.53.203.105:59488 -> 123.121.166.201:80
06/29/2016-15:22:39.611486 the.earth.li [**] /~sgtatham/putty/0.67/x86/putty.exe [**] Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36 [**] 255.53.203.105:59485 -> 123.121.166.201:80
06/29/2016-15:22:41.274641 the.earth.li [**] /~sgtatham/putty/0.67/x86/puttygen.exe [**] Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36 [**] 255.53.203.105:59484 -> 123.121.166.201:80
06/29/2016-15:22:49.700064 tartarus.org [**] /~simon/putty-snapshots/x86/putty.exe [**] Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36 [**] 255.53.203.105:59490 -> 179.92.239.231:80
06/29/2016-15:22:51.057104 tartarus.org [**] /~simon/putty-snapshots/x86/psftp.exe [**] Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36 [**] 255.53.203.105:59493 -> 179.92.239.231:80
06/29/2016-15:22:51.564961 tartarus.org [**] /~simon/putty-snapshots/x86/plink.exe [**] Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36 [**] 255.53.203.105:59494 -> 179.92.239.231:80
06/29/2016-15:22:52.104125 tartarus.org [**] /~simon/putty-snapshots/x86/pageant.exe [**] Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36 [**] 255.53.203.105:59495 -> 179.92.239.231:80
06/29/2016-15:22:50.823167 tartarus.org [**] /~simon/putty-snapshots/x86/pscp.exe [**] Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36 [**] 255.53.203.105:59492 -> 179.92.239.231:80
06/29/2016-15:22:40.750647 the.earth.li [**] /~sgtatham/putty/0.67/x86/pageant.exe [**] Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36 [**] 255.53.203.105:59489 -> 123.121.166.201:80
06/29/2016-15:22:50.066071 tartarus.org [**] /~simon/putty-snapshots/x86/puttytel.exe [**] Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36 [**] 255.53.203.105:59491 -> 179.92.239.231:80
So I captured that traffic and attached it to this post.
Files
Updated by Victor Julien over 8 years ago
- Tracker changed from Bug to Support
The issue is that one of the streams is experiencing packet loss. Stream 10 has missing data which leads to a stream gap.
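The comparison the reporter did by hand, and the check behind the diagnosis above, as an added example that is not part of the original post or of Suricata itself: it parses tcpdump request lines and http_log records, reports requests seen on the wire that never made it into http_log, and walks each client flow's sequence numbers looking for a segment that starts past where the previous one ended. The sample input is constructed for this example: the tartarus.org records from the post (user-agent shortened), plus a made-up flow on port 60000 with a fabricated hole in its sequence space, since the post's own excerpt lists only the request packets and so cannot show the loss.

```python
import re
from collections import defaultdict

# Constructed sample input (not the attachment from the post): the tartarus.org
# requests from the excerpts above, plus a made-up flow on port 60000 whose second
# segment starts at 800 although the first ended at 400, to show what a gap looks like.
TCPDUMP_SAMPLE = """\
15:22:49.389869 IP 255.53.203.105.59490 > 179-92-239-231.user.vivozap.com.br.http: Flags [P.], seq 1:502, ack 1, win 256, length 501: HTTP: GET /~simon/putty-snapshots/x86/putty.exe HTTP/1.1
15:22:49.464174 IP 255.53.203.105.59491 > 179-92-239-231.user.vivozap.com.br.http: Flags [P.], seq 1:505, ack 1, win 256, length 504: HTTP: GET /~simon/putty-snapshots/x86/puttytel.exe HTTP/1.1
15:22:50.528012 IP 255.53.203.105.59492 > 179-92-239-231.user.vivozap.com.br.http: Flags [P.], seq 1:501, ack 1, win 256, length 500: HTTP: GET /~simon/putty-snapshots/x86/pscp.exe HTTP/1.1
15:22:53.290584 IP 255.53.203.105.59491 > 179-92-239-231.user.vivozap.com.br.http: Flags [P.], seq 505:1009, ack 342199, win 967, length 504: HTTP: GET /~simon/putty-snapshots/x86/puttygen.exe HTTP/1.1
15:23:00.000000 IP 255.53.203.105.60000 > 179-92-239-231.user.vivozap.com.br.http: Flags [P.], seq 1:400, ack 1, win 256, length 399: HTTP: GET /a HTTP/1.1
15:23:01.000000 IP 255.53.203.105.60000 > 179-92-239-231.user.vivozap.com.br.http: Flags [P.], seq 800:1200, ack 5000, win 256, length 400: HTTP: GET /b HTTP/1.1
"""

# Same constructed sample on the http_log side; the user-agent field is abbreviated.
HTTP_LOG_SAMPLE = """\
06/29/2016-15:22:49.700064 tartarus.org [**] /~simon/putty-snapshots/x86/putty.exe [**] Mozilla/5.0 [**] 255.53.203.105:59490 -> 179.92.239.231:80
06/29/2016-15:22:50.066071 tartarus.org [**] /~simon/putty-snapshots/x86/puttytel.exe [**] Mozilla/5.0 [**] 255.53.203.105:59491 -> 179.92.239.231:80
06/29/2016-15:22:50.823167 tartarus.org [**] /~simon/putty-snapshots/x86/pscp.exe [**] Mozilla/5.0 [**] 255.53.203.105:59492 -> 179.92.239.231:80
06/29/2016-15:23:00.500000 tartarus.org [**] /a [**] Mozilla/5.0 [**] 255.53.203.105:60000 -> 179.92.239.231:80
"""

# tcpdump prints "host.port"; the lazy host group stops at the last ".<port> >".
TCPDUMP_RE = re.compile(
    r"^(?P<ts>\S+) IP (?P<src>\S+?)\.(?P<sport>\d+) > (?P<dst>\S+?)\.(?P<dport>\w+): "
    r".*?seq (?P<seq_start>\d+):(?P<seq_end>\d+), .*?length (?P<length>\d+): "
    r"HTTP: (?P<method>[A-Z]+) (?P<uri>\S+) HTTP/\d\.\d$"
)
# Suricata's legacy http.log: ts host [**] uri [**] user-agent [**] src:port -> dst:port
HTTP_LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) \[\*\*\] (?P<uri>\S+) \[\*\*\] .*? \[\*\*\] "
    r"(?P<src>[\d.]+):(?P<sport>\d+) -> (?P<dst>[\d.]+):(?P<dport>\d+)$"
)


def parse_tcpdump(text):
    """Return one dict per HTTP request segment in a tcpdump decode (non-matching lines skipped)."""
    reqs = []
    for line in text.splitlines():
        m = TCPDUMP_RE.match(line.strip())
        if m:
            d = m.groupdict()
            for k in ("sport", "seq_start", "seq_end", "length"):
                d[k] = int(d[k])
            reqs.append(d)
    return reqs


def parse_http_log(text):
    """Return the set of (client ip, client port, uri) triples present in http_log."""
    seen = set()
    for line in text.splitlines():
        m = HTTP_LOG_RE.match(line.strip())
        if m:
            seen.add((m["src"], int(m["sport"]), m["uri"]))
    return seen


def missing_requests(tcpdump_text, http_log_text):
    """Requests seen on the wire that have no http_log record, in capture order."""
    logged = parse_http_log(http_log_text)
    return [
        (r["src"], r["sport"], r["uri"])
        for r in parse_tcpdump(tcpdump_text)
        if (r["src"], r["sport"], r["uri"]) not in logged
    ]


def client_seq_gaps(tcpdump_text):
    """Per client flow, list (expected_seq, actual_seq) pairs where a segment starts past the previous end."""
    by_flow = defaultdict(list)
    for r in parse_tcpdump(tcpdump_text):
        by_flow[(r["src"], r["sport"], r["dst"], r["dport"])].append(r)
    gaps = {}
    for flow, segs in by_flow.items():
        segs.sort(key=lambda r: r["seq_start"])
        expected = segs[0]["seq_end"]
        for seg in segs[1:]:
            if seg["seq_start"] > expected:
                gaps.setdefault(flow, []).append((expected, seg["seq_start"]))
            expected = max(expected, seg["seq_end"])
    return gaps


if __name__ == "__main__":
    for key in missing_requests(TCPDUMP_SAMPLE, HTTP_LOG_SAMPLE):
        print("on the wire but not in http_log:", key)
    for flow, holes in client_seq_gaps(TCPDUMP_SAMPLE).items():
        print("client-side sequence gap in", flow, holes)
```

Two caveats when running this against a real capture. The sequence check only means something over a full decode of the flow (every segment in both directions, not a grep for "HTTP:" lines as in the post), and a gap in the server-to-client direction will not show up in the client's seq column at all, only in how its ack values jump. Once a reassembly gap is confirmed in the pcap, the corresponding counter to look at on the Suricata side is tcp.reassembly_gap in stats.log; a non-zero value there, with requests absent from http_log, points at capture loss rather than at the HTTP parser.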
Updated by Andreas Herz over 8 years ago
- Assignee set to Anonymous
- Target version set to TBD
Updated by Andreas Herz over 7 years ago
Closed since there has been no response after 8 months; reopen if necessary, thanks!