[Bro] DNS state remains uninitialized in dns_message event

Naveed Anwar hunarame at gmail.com
Tue Jun 26 06:16:50 PDT 2012


I want to capture DNS queries of a pcap but there is an issue with DNS
events. The DNS state in the connection record remains uninitialized for my
DNS queries.

Here's how I'm looking at the DNS state information:

event dns_message(c: connection, is_orig: bool, msg: dns_msg, len: count)
         {
         print c;  # dump the whole connection record, DNS state included
         }

pcap: http://www.sysnet.org.pk/needo/mix1.pcap
bro-output: http://www.sysnet.org.pk/needo/bro.log

Naveed Anwar Bhatti
MS(CS) - FAST NU Islamabad