[Bro-Dev] SMB analyzer
Seth Hall
seth at icir.org
Fri May 24 06:32:34 PDT 2013
On May 24, 2013, at 5:04 AM, nicolas.retrain at cea.fr wrote:
> Today I am looking at the SMB Analyzer, and I have few questions.
> -Why did you choose to anlayse the SNIA-CIFS version, and not the others
> ? (http://www.cifs.org/wiki/SMB/CIFS_References). Some of them have new
> dialects and don't match anymore :s . (I know, the SMB documentation is
> a real mess.. ).
Why do you say that we are implementing the SNIA-CIFS version?
> -Some events are not well written into the event.bif :
> For instance, the smb_com_negotiate event is build with 3 arguments
What's in the release is not where the current development is. The current version of the development is in the topic/seth/smb-smb2-work branch.
.Seth
--
Seth Hall
International Computer Science Institute
(Bro) because everyone has a network
http://www.bro.org/
More information about the bro-dev
mailing list