1.5 KiB
1.5 KiB
【AppsketchWorks】webshark和explore中相同会话ID的会话内容不一致
| ID | Creation Date | Assignee | Status |
|---|---|---|---|
| OMPUB-1436 | 2024-08-27T17:05:36.000+0800 | 方顺健 | 已解决 |
webshark和explore中相同会话ID的会话内容不一致
!image-2024-08-27-17-00-45-403.png|width=881,height=644!
!image-2024-08-27-17-04-26-330.png|width=882,height=624!fangshunjian commented on 2024-08-27T18:40:36.657+0800:
[https://community.zeek.org/t/conn-log-timestamps-order-of-appearance/6452/3] {quote}However, the log line is written after the connection terminates. Thus, it is expected, and completely normal, that the the timestamps will not be ordered chronologically. {quote}
fangshunjian commented on 2024-09-02T09:34:13.648+0800:
1、开发zeek script修改stream id实现方式,conn.log 能够准确记录stream id
2、尝试将webshark 升级到最新版本,仍存在 tcp.stream eq xxx 查询错误的情况。
鉴于此功能非当前核心功能,暂不修复
Attachments
Attachment: image-2024-08-27-17-00-45-403.png
Attachment: image-2024-08-27-17-04-26-330.png
