[Bro] invoking an analyzer without the default policy script?
Robin Sommer
robin at icir.org
Wed Dec 5 00:43:40 PST 2007
On Tue, Dec 04, 2007 at 15:43 -0800, Mike Wood wrote:
> this dns_request handler does not get called unless I add
>
> @load dns

Most likely you haven't set the capture filter to include DNS
packets in the analysis. Try adding this to your script (which is
from dns.bro):

    redef capture_filters += {
        ["dns"] = "port 53",
        ["netbios-ns"] = "udp port 137",
    };

Robin
--
Robin Sommer * Phone +1 (510) 931-5555 * robin at icir.org
ICSI/LBNL * Fax +1 (510) 666-2956 * www.icir.org