[Bro-Dev] SMB analyzer

nicolas.retrain at cea.fr nicolas.retrain at cea.fr
Fri May 24 06:58:03 PDT 2013


On 24/05/2013 15:32, Seth Hall wrote:
> On May 24, 2013, at 5:04 AM, nicolas.retrain at cea.fr wrote:
>
>> Today I am looking at the SMB Analyzer, and I have a few questions.
>> -Why did you choose to analyse the SNIA-CIFS version, and not the others?
>> (http://www.cifs.org/wiki/SMB/CIFS_References). Some of them have new
>> dialects and don't match anymore :s . (I know, the SMB documentation is
>> a real mess.. ).
> Why do you say that we are implementing the SNIA-CIFS version?
Because the version is given in the SMB.h file. Also, I have started to 
compare the SNIA documentation with the binpac code, and I confirm the 
SNIA version.
>
>> -Some events are not well written into the event.bif:
>> For instance, the smb_com_negotiate event is built with 3 arguments
>
> What's in the release is not where the current development is.  The current version of the development is in the topic/seth/smb-smb2-work branch.
Oh.. so someone is still working on it? It has changed a lot; I will 
look closer at this branch.
Will it be merged for the next release?

Nicolas
>    .Seth
>
> --
> Seth Hall
> International Computer Science Institute
> (Bro) because everyone has a network
> http://www.bro.org/
>