[Bro] Questions about Bro's DNS Parser
Seth Hall
hall.692 at osu.edu
Sun Jan 24 19:21:54 PST 2010
On Jan 24, 2010, at 5:15 PM, daniela.miao at utoronto.ca wrote:
> However, I've run into some
> problems with certain packets that contain DNS responses with errors.
> I'm not sure what the exact problem is, but it seems that the bro
> parser is having trouble recognizing all the returned error codes
> (indicating "malformed packets", "no such name exists", "server
> failure" etc.). I have attached a fragment of the log file to
> illustrate my point; as you can see, all the responses containing
> errors simply turn into "A requested domain name".
Are you using the binpac based parser? I was just running into
trouble last night with error codes being returned incorrectly from
the binpac parser. The hand written parser was working fine for me
though.
.Seth
---
Seth Hall
Network Security - Office of the CIO
The Ohio State University
Phone: 614-292-9721