Project

General

Profile

Actions

Feature #2562

closed

Add http_port in http eve-log if specified in the hostname

Added by Maurizio Abba over 5 years ago. Updated over 5 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Target version:
Effort:
low
Difficulty:
low
Label:

Description

This proposed patch adds a single element in a http json object, adding the port to the "http" object with the key "http_port". Note that this item will be set only if the port is set in the hostname and it's not grabbed from the TCP flow.

Attached a pcap with the http port 1337 (as evident, the flow is actually on TCP port 80, but the hostname has port 1337 => "dest_port": will be set to 80, while http.http_port will be set to 1337).


Files

2008-weirdport.pcap (1.48 KB) 2008-weirdport.pcap pcap with hostname set to "ev.sk:1337" resulting in http_port: 1337 Maurizio Abba, 08/03/2018 12:50 PM
Actions

Also available in: Atom PDF