Bug #2430

closed

http eve log data source/dest flip

Added by Jason Taylor almost 7 years ago. Updated over 6 years ago.

Status: Closed
Priority: Normal

Description

We started seeing some of our http traffic source and destination data
flipped.

As far as we can tell it appears to happen when a client is going to
port 443/ssl traffic through our proxies.

Flow data source and destination are correct, so it appears to maybe be
related to http parsing.

Attached are the Suricata build information, JSON log data and pcap.


Files

- evelog.txt (3.45 KB), eve log, Jason Taylor, 02/01/2018 08:35 AM
- suri.buildinfo.txt (3.18 KB), suri build info, Jason Taylor, 02/01/2018 08:35 AM
- backwards.pcap (7.85 KB), pcap, Jason Taylor, 02/01/2018 08:35 AM

Related issues 1 (0 open, 1 closed)

Related to Suricata - Bug #2480: http eve log data source/dest flip (4.0.x), Closed, Victor Julien
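
One way to check an eve.json for the symptom described in this report, as an added example (not part of the original report and not Suricata code): it compares each http record's source/destination with the flow record that shares its `flow_id`. The sample lines and addresses are constructed, the function names are hypothetical, and it assumes flow logging is enabled so that flow records are present.

```python
import json
from collections import defaultdict

# Constructed sample eve.json lines (not taken from the attached evelog.txt).
SAMPLE_EVE = """\
{"event_type":"http","flow_id":1001,"src_ip":"198.51.100.20","src_port":3128,"dest_ip":"192.0.2.10","dest_port":51234}
{"event_type":"flow","flow_id":1001,"src_ip":"192.0.2.10","src_port":51234,"dest_ip":"198.51.100.20","dest_port":3128}
{"event_type":"http","flow_id":1002,"src_ip":"192.0.2.11","src_port":40000,"dest_ip":"198.51.100.20","dest_port":3128}
{"event_type":"flow","flow_id":1002,"src_ip":"192.0.2.11","src_port":40000,"dest_ip":"198.51.100.20","dest_port":3128}
"""

def endpoints(ev):
    """Return ((src_ip, src_port), (dest_ip, dest_port)) for one eve record."""
    return ((ev.get("src_ip"), ev.get("src_port")),
            (ev.get("dest_ip"), ev.get("dest_port")))

def find_flipped(lines, app_type="http"):
    """Return sorted flow_ids whose app_type records have source and
    destination swapped relative to the flow record of the same flow_id."""
    flow_dir, app_events = {}, defaultdict(list)
    # Flow records are written when a flow ends, so they usually follow the
    # http records: collect everything first, compare afterwards.
    for line in lines:
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue  # blank or truncated line
        if not isinstance(ev, dict) or "flow_id" not in ev or "src_ip" not in ev:
            continue
        if ev.get("event_type") == "flow":
            flow_dir[ev["flow_id"]] = endpoints(ev)
        elif ev.get("event_type") == app_type:
            app_events[ev["flow_id"]].append(ev)
    flipped = set()
    for fid, events in app_events.items():
        if fid not in flow_dir:
            continue  # no flow record to compare against
        src, dst = flow_dir[fid]
        if src != dst and any(endpoints(e) == (dst, src) for e in events):
            flipped.add(fid)
    return sorted(flipped)

if __name__ == "__main__":
    print(find_flipped(SAMPLE_EVE.splitlines()))
```
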