[Bro] Bro and NetBIOS

Vito Logrillo vitologrillo at gmail.com
Mon Oct 20 08:25:10 PDT 2014


Sorry Seth,
but I don't understand your answer: what do you mean by "... I believe that
even if you got the analyzer attached it wouldn't do much for you"?
Because I want to analyze and decode all NetBIOS traffic, with the help of
Google and your useful mailing list I've written a test script like this:
....snippet...
const NetBIOSports = { 138/udp, 139/tcp, 445/tcp };

event bro_init() &priority=5
{
    Analyzer::register_for_ports(Analyzer::ANALYZER_NETBIOSSSN, NetBIOSports);
}

event netbios_session_message(c: connection, is_orig: bool, msg_type: count,
                              data_len: count) &priority=5
{
    print "netbios_session_message";
}
................
But Bro gives me this error:

Internal error: unknown analyzer name NETBIOS; mismatch with tag
analyzer::Component?

Am I using Bro in the wrong way?

2014-10-20 17:10 GMT+02:00 Seth Hall <seth at icir.org>:

>
> On Oct 20, 2014, at 10:44 AM, Vito Logrillo <vitologrillo at gmail.com>
> wrote:
>
> > thanks for your support: about NetBIOS, do you have any suggestion?
> > What's wrong?
>
> I don't know about the problem you're encountering, but I believe that
> even if you got the analyzer attached it wouldn't do much for you.
>
>   .Seth
>
> --
> Seth Hall
> International Computer Science Institute
> (Bro) because everyone has a network
> http://www.bro.org/
>
>