Tx_id in http flow

bvaladier · November 29, 2022, 2:55pm

Hi there,

I can’t find anywhere in suricata documentation how the tx_id value is being incremented, with regards to http flow.
Can anybody tell me how it actually works ?
Thanks very much in advance

Benoit

vjulien · November 29, 2022, 6:39pm

A transaction is a request response pair. Each gets it’s own id, starting at 0. So if the tx_id is 10, it means it’s the 11th (starting at 0) request response pair.

bvaladier · November 30, 2022, 8:12am

Hi Victor,
Thank you for this answer which is crystal clear.
If multiple files are being transmitted within the same flow_id, is this tx_id being incremented for each of them ?

vjulien · November 30, 2022, 10:32am

Usually, but not always. In case of a multipart body we may have multiple files in a single transaction (request/response pair).

bvaladier · December 1, 2022, 8:23am

thanks again Victor for your reply

Topic		Replies	Views
The flow id got changed even though I keep send the same packet Help	2	550	April 27, 2022
Http2 transaction verdict Rules rules	1	371	October 21, 2022
Flowint example is odd Rules	2	234	August 9, 2023
Re: Feature #1478 Developers	1	429	July 10, 2020
[Dev] New AppLayer Detection on TCP Protocol Developers	3	927	December 4, 2020

Tx_id in http flow

Related Topics