[Bro] SMB Parsing and dialect

[Chris Grier]

Phuong Nguyen wrote:
> Hi All,
>
> It appears that the current SMB parser does not maintain result of 
> NEGOTIAGE, mainly the dialect, for parsing dialect dependent 
> request/response. Is this something that will get added in the future? 
> or deemed unnecessary? Thanks
>
> Phuong
There's an extended version of the SMB parser that maintains the results 
of many of the SMB packet types, which will probably be integrated in 
the future. It parses SMB packets in more detail and passes the results 
out to the policy, including things such as dialects in the 
SMB_NEGOTIATE packets and the responses.

-- 
Chris Grier <grier at uiuc.edu>