Ticket #237 (new Problem)

Opened 2 years ago

Last modified 7 months ago

SSH connection states not correct

Reported by: robin Owned by: robin
Priority: Normal Milestone: Bro2.1
Component: Bro Version: 1.5.1
Keywords: Cc:

Description

With a small trace containing a single (complete) SSH connection:

bro -r trace.sample tcp ssh && cat conn.log

1265948302.843185 ? x.x.x.x y.y.y.y ssh 42228 22 tcp 39 40 S1 X

bro -r trace.sample tcp ssh SSH::skip_processing_after_handshake=F && cat conn.log

1265948302.843185 1.800597 x.x.x.x y.y.y.y ssh 42228 22 tcp 2415 2944 SF X

Looks like the FINs are ignored as well.

Change History

comment:1 Changed 7 months ago by seth

  • Milestone set to Bro1.7

Assigning this to the next release.

Note: See TracTickets for help on using tickets.