[Bro] Crash on SMB Analyzer - Tree Connect AndX
seth at icir.org
Wed Nov 28 20:35:56 PST 2012
On Nov 28, 2012, at 10:29 PM, Mike Kolkebeck <mkolkebeck at gmail.com> wrote:
> Is this a known bug? Does anyone know of another event that would be better suited for identifying the share name, or is there any other easy workaround for this event?
There has been a lot of rework done on the smb analyzer that hasn't been released yet. I know that I fixed a lot of bugs existing in the existing analyzer you're working with. Unfortunately there probably isn't much of a way around the problem you're running into unless you want to try my in-progress branch.
I assume you've written all of the scripts to enable the SMB analyzer and add the c$smb field? Would you be interested in putting the scripts up somewhere?
International Computer Science Institute
(Bro) because everyone has a network
More information about the Bro