[Bro-Dev] [JIRA] (BIT-911) SRV replies don't get processed by DNS analyzer

Jon Siwek (JIRA) jira at bro-tracker.atlassian.net
Thu Apr 24 07:59:07 PDT 2014


     [ https://bro-tracker.atlassian.net/browse/BIT-911?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Jon Siwek updated BIT-911:
--------------------------

    Fix Version/s:     (was: 2.4)
                   2.3

> SRV replies don't get processed by DNS analyzer
> -----------------------------------------------
>
>                 Key: BIT-911
>                 URL: https://bro-tracker.atlassian.net/browse/BIT-911
>             Project: Bro Issue Tracker
>          Issue Type: Problem
>          Components: Bro
>    Affects Versions: git/master
>            Reporter: Vern Paxson
>             Fix For: 2.3
>
>         Attachments: tdns-srv.bug.trace
>
>
> The event engine doesn't appear to generate {{dns_SRV_reply}} in some cases, as indicated by running on the attached trace.  I've tried this with both the default DNS analysis and my own custom analysis (that uses \-b to not run other stuff) and have confirmed that the reply event isn't getting generated, even though there aren't any checksum issues or such.



--
This message was sent by Atlassian JIRA
(v6.3-OD-02-026#6318)


More information about the bro-dev mailing list