[Bro] problem with known-services.bro
Seth Hall
seth at icir.org
Thu Jun 4 19:23:16 PDT 2015
> On Jun 4, 2015, at 3:16 PM, Earl Eiland <earl.eiland at root9b.com> wrote:
>
> Hello. I'm running known-services.bro on a pcap file. I'm having two problems: no known-services.log file is being generated, and some packets trigger "internal warning: Unexpected IP version in FragReassembler”.
By default the known-hosts script only records hosts in your Site::local_nets. You can set that with networks.cfg if you are running broctl or you can set it directly in Bro scripts like this...
redef Site::local_nets += { 1.2.3.0/24, 5.6.7.0/24 };
.Seth
--
Seth Hall
International Computer Science Institute
(Bro) because everyone has a network
http://www.bro.org/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 495 bytes
Desc: Message signed with OpenPGP using GPGMail
Url : http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20150604/ccdad951/attachment.bin
More information about the Bro
mailing list