48 lines
1.2 KiB
Markdown
48 lines
1.2 KiB
Markdown
|
# 【AppsketchWorks】webshark和explore中相同会话ID的会话内容不一致
|
|||
|
|
|
|||
|
|
| ID | Creation Date | Assignee | Status |
|
|||
|
|
|----|----------------|----------|--------|
|
|||
|
|
| OMPUB-1436 | 2024-08-27T17:05:36.000+0800 | 方顺健 | 已解决 |
|
|||
|
|
|
|||
|
|
|
|||
|
|
---
|
|||
|
|
|
|||
|
|
webshark和explore中相同会话ID的会话内容不一致
|
|||
|
|
|
|||
|
|
!image-2024-08-27-17-00-45-403.png|width=881,height=644!
|
|||
|
|
|
|||
|
|
!image-2024-08-27-17-04-26-330.png|width=882,height=624!**fangshunjian** commented on *2024-08-27T18:40:36.657+0800*:
|
|||
|
|
|
|||
|
|
[https://community.zeek.org/t/conn-log-timestamps-order-of-appearance/6452/3]
|
|||
|
|
{quote}However, the log line is written after the connection terminates. Thus, it is expected, and completely normal, that the the timestamps will not be ordered chronologically.
|
|||
|
|
{quote}
|
|||
|
|
|
|||
|
|
|
|||
|
|
|
|||
|
|
---
|
|||
|
|
|
|||
|
|
**fangshunjian** commented on *2024-09-02T09:34:13.648+0800*:
|
|||
|
|
|
|||
|
|
1、开发zeek script修改stream id实现方式,conn.log 能够准确记录stream id
|
|||
|
|
|
|||
|
|
2、尝试将webshark 升级到最新版本,仍存在 tcp.stream eq xxx 查询错误的情况。
|
|||
|
|
|
|||
|
|
鉴于此功能非当前核心功能,暂不修复
|
|||
|
|
|
|||
|
|
|
|||
|
|
|
|||
|
|
---
|
|||
|
|
|
|||
|
|
|
|||
|
|
|
|||
|
|
## Attachments
|
|||
|
|
|
|||
|
|
**61962/image-2024-08-27-17-00-45-403.png**
|
|||
|
|
|
|||
|
|
---
|
|||
|
|
|
|||
|
|
**61961/image-2024-08-27-17-04-26-330.png**
|
|||
|
|
|
|||
|
|
---
|
|||
|
|
|