Project

General

Profile

Actions
Copy link

Bug #2430

closed

http eve log data source/dest flip

Added by Jason Taylor over 6 years ago. Updated over 6 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Victor Julien
Target version:
4.1beta1
Affected Versions:
Effort:
Difficulty:
Label:

Description

We started seeing some of our http traffic source and destination data
flipped.

As far as we can tell it appears to happen when a client is going to
port 443/ssl traffic through our proxies.

flow data source and destination are correct so it appears to maybe be
related to http parsing.

Attached are the suricata build information, json log data and pcap.

Files

Download all files
evelog.txt (3.45 KB) evelog.txt eve log Jason Taylor, 02/01/2018 08:35 AM
suri.buildinfo.txt (3.18 KB) suri.buildinfo.txt suri build info Jason Taylor, 02/01/2018 08:35 AM
backwards.pcap (7.85 KB) backwards.pcap pcap Jason Taylor, 02/01/2018 08:35 AM

Related issues 1 (0 open1 closed)

Related to Suricata - Bug #2480: http eve log data source/dest flip (4.0.x)ClosedVictor JulienActions
Actions
Copy link

Also available in: Atom PDF