[Bro] DNS state remains uninitialized in dns_message event
hunarame at gmail.com
Wed Jun 27 06:25:16 PDT 2012
On Tue, Jun 26, 2012 at 7:00 PM, Seth Hall <seth at icir.org> wrote:
> > I don't use the dns_message event in the base scripts for DNS so what is
> and what is not set when that event fires is currently undefined. > Also,
> I'm a little unsure about what you suspect is unset in the output from your
> short script?
Thanks for the quick reply. I was trying to read the c$dns record in the
dns_message event which was uninitialized. Since you've pointed out that
the dns_message event's behavior is currently undefined I'll now be using
dns_query_reply and dns_rejected events to look at the DNS queries.
Naveed Anwar Bhatti
MS(CS) - FAST NU islamabd
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Bro