[Bro] DNS state remains uninitialized in dns_message event
Naveed Anwar
hunarame at gmail.com
Tue Jun 26 06:16:50 PDT 2012
Hi,
I want to capture DNS queries of a pcap but there is an issue with DNS
events. The DNS state in the connection record remains uninitialized for my
DNS queries.
Here's how I'm looking at the DNS state information:
event dns_message(c: connection, is_orig: bool, msg: dns_msg, len: count)
{
print c;
}
pcap: http://www.sysnet.org.pk/needo/mix1.pcap
bro-output: http://www.sysnet.org.pk/needo/bro.log
--
Regards,
Naveed Anwar Bhatti
MS(CS) - FAST NU islamabd
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20120626/edd5699f/attachment.html
More information about the Bro
mailing list