[Bro] How to configure Bro to detect UDP port 53
Qinwen Hu
qhu009 at aucklanduni.ac.nz
Wed Jan 28 15:42:50 PST 2015
Hi all,
Please ignore my previous unfinished Email.
I am a new Bro user, I did few experiments to read the same DNS trace file
via Bro online version and Bro from my personal PC. The version number is
2.3.1.
I got some interesting results. the online version checks UDP port 53 5353
and 5355.
id.resp_p proto trans_id query
5353 UDP 0 sc-cs
53 UDP 533 2.0.0.0.0.0.....ip6.arpa
But, the one on my PC only checks port 5353 and 5355.
id.resp_p proto trans_id query
5353 UDP 0 sc-cs
53 UDP 533 -
Is this a configuration issue? And is there a way that I can configure my
Bro to check port 53?
Thanks
Steven
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20150129/9eb71d2b/attachment.html
More information about the Bro
mailing list