[Bro] Bro patch
j.sentier206 at laposte.net
Tue Dec 14 09:05:55 PST 2010
> On Dec 14, 2010, at 2:53 AM, j.sentier206 wrote:
> > For ICMP, I wanted to access the payload of the packets.
> This absolutely makes sense. I'll file a ticket with the changes to the ICMP analyzer. We'll have to discuss and see if it's something that we want to add. I can see why you'd want it though.
Thank you for the ticket.
I hope I will be able to access ICMP payloads in Bro 1.6.
> > For SMB, I fixed a small bug and added the processid field.
> Unfortunately, the SMB analyzer does have several bugs that prevent it from working but it looks like you caught all of them. For the 1.6 release, we're hoping to have high quality SMB and SMB2 analyzers but they're being completely rewritten. If you have a further interest in working on SMB+SMB2 analyzers, please let us know, we can point you in the right direction.
I just happened to have an error with SMB on some pcap. I made a quick fix so that Bro could finish analyzing the file. I am sorry I will not have the time to work on the new analyzers.