[Bro] Crash on SMB Analyzer - Tree Connect AndX

Seth Hall seth at icir.org
Wed Nov 28 20:35:56 PST 2012


On Nov 28, 2012, at 10:29 PM, Mike Kolkebeck <mkolkebeck at gmail.com> wrote:

> Is this a known bug?  Does anyone know of another event that would be better suited for identifying the share name, or is there any other easy workaround for this event?

There has been a lot of rework done on the smb analyzer that hasn't been released yet.  I know that I fixed a lot of bugs existing in the existing analyzer you're working with.  Unfortunately there probably isn't much of a way around the problem you're running into unless you want to try my in-progress branch.

I assume you've written all of the scripts to enable the SMB analyzer and add the c$smb field?  Would you be interested in putting the scripts up somewhere?

  .Seth

--
Seth Hall
International Computer Science Institute
(Bro) because everyone has a network
http://www.bro-ids.org/




