[Bro] Bro patch

Seth Hall seth at icir.org
Tue Dec 14 07:28:16 PST 2010


On Dec 14, 2010, at 2:53 AM, j.sentier206 wrote:

> For ICMP, I wanted to access the payload of the packets.

This absolutely makes sense.  I'll file a ticket with the changes to the ICMP analyzer.  We'll have to discuss and see if it's something that we want to add.  I can see why you'd want it though.

> For SMB, I fixed a small bug and added the processid field.

Unfortunately, the SMB analyzer does have several bugs that prevent it from working, but it looks like you caught all of them.  For the 1.6 release, we're hoping to have high-quality SMB and SMB2 analyzers, but they're being completely rewritten.  If you have a further interest in working on SMB+SMB2 analyzers, please let us know; we can point you in the right direction.

Thanks,
  .Seth


