Project

General

Profile

Actions
Copy link

Bug #2430

closed

http eve log data source/dest flip

Added by Jason Taylor about 6 years ago. Updated about 6 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Victor Julien
Target version:
4.1beta1
Affected Versions:
Effort:
Difficulty:
Label:

Description

We started seeing some of our http traffic source and destination data
flipped.

As far as we can tell it appears to happen when a client is going to
port 443/ssl traffic through our proxies.

flow data source and destination are correct so it appears to maybe be
related to http parsing.

Attached are the suricata build information, json log data and pcap.

Files

Download all files
evelog.txt (3.45 KB) evelog.txt eve log Jason Taylor, 02/01/2018 08:35 AM
suri.buildinfo.txt (3.18 KB) suri.buildinfo.txt suri build info Jason Taylor, 02/01/2018 08:35 AM
backwards.pcap (7.85 KB) backwards.pcap pcap Jason Taylor, 02/01/2018 08:35 AM

Related issues 1 (0 open1 closed)

Related to Suricata - Bug #2480: http eve log data source/dest flip (4.0.x)ClosedVictor JulienActions
Actions
Copy link
 #1

Updated by Andreas Herz about 6 years ago

  • Assignee set to OISF Dev
  • Target version set to TBD
Actions
Copy link
 #2

Updated by Victor Julien about 6 years ago

  • Status changed from New to Assigned
  • Assignee changed from OISF Dev to Victor Julien
  • Target version changed from TBD to 4.1beta1
Actions
Copy link
 #3

Updated by Victor Julien about 6 years ago

  • Status changed from Assigned to Closed
Actions
Copy link
 #4

Updated by Victor Julien almost 6 years ago

  • Related to Bug #2480: http eve log data source/dest flip (4.0.x) added
Actions
Copy link

Also available in: Atom PDF