[Bro] DNS state remains uninitialized in dns_message event

Naveed Anwar hunarame at gmail.com
Wed Jun 27 06:25:16 PDT 2012


On Tue, Jun 26, 2012 at 7:00 PM, Seth Hall <seth at icir.org> wrote:

> > I don't use the dns_message event in the base scripts for DNS so what is
> and what is not set when that event fires is currently undefined.  > Also,
> I'm a little unsure about what you suspect is unset in the output from your
> short script?
>

Thanks for the quick reply. I was trying to read the c$dns record in the
dns_message event which was uninitialized. Since you've pointed out that
the dns_message event's behavior is currently undefined I'll now be using
dns_query_reply and dns_rejected events to look at the DNS queries.


-- 
Regards,
Naveed Anwar Bhatti
MS(CS) - FAST NU islamabd
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20120627/51d0e96d/attachment.html 


More information about the Bro mailing list