[Bro] problem with known-services.bro

Seth Hall seth at icir.org
Thu Jun 4 19:23:16 PDT 2015


> On Jun 4, 2015, at 3:16 PM, Earl Eiland <earl.eiland at root9b.com> wrote:
> 
> Hello.  I'm running known-services.bro on a pcap file.  I'm having two problems:  no known-services.log file is being generated, and some packets trigger "internal warning: Unexpected IP version in FragReassembler”.

By default the known-hosts script only records hosts in your Site::local_nets.  You can set that with networks.cfg if you are running broctl or you can set it directly in Bro scripts like this...

redef Site::local_nets += { 1.2.3.0/24, 5.6.7.0/24 };

  .Seth

--
Seth Hall
International Computer Science Institute
(Bro) because everyone has a network
http://www.bro.org/

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 495 bytes
Desc: Message signed with OpenPGP using GPGMail
Url : http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20150604/ccdad951/attachment.bin 


More information about the Bro mailing list