[Bro] problem with known-services.bro
Ali Hadi
ali at ashemery.com
Fri Jun 5 00:25:32 PDT 2015
You could also get the file generated by adding the local and the
Site::local_nets that Seth mentioned, like this:

bro -r file.pcap local "Site::local_nets +={172.16.0.0/16}" known-services.bro

Where 172.16.0.0 is your local network.
Best regards,
Ali
On Fri, Jun 5, 2015 at 5:23 AM, Seth Hall <seth at icir.org> wrote:
> > On Jun 4, 2015, at 3:16 PM, Earl Eiland <earl.eiland at root9b.com> wrote:
> >
> > Hello. I'm running known-services.bro on a pcap file. I'm having two
> problems: no known-services.log file is being generated, and some packets
> trigger "internal warning: Unexpected IP version in FragReassembler".
>
> By default the known-hosts script only records hosts in your
> Site::local_nets. You can set that with networks.cfg if you are running
> broctl or you can set it directly in Bro scripts like this...
>
> redef Site::local_nets += { 1.2.3.0/24, 5.6.7.0/24 };
>
> .Seth
>
> --
> Seth Hall
> International Computer Science Institute
> (Bro) because everyone has a network
> http://www.bro.org/
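Added example, not part of the original thread and not Bro's own code: a small Python check that shows which responder services in a conn.log would count as local for a given Site::local_nets value, which helps explain an empty known-services log. It assumes the local-only rule described above is applied to the responder address; the conn.log excerpt and the name split_responders are constructed for illustration.

```python
import ipaddress

# Constructed conn.log excerpt (tab-separated, trimmed to the columns used here).
SAMPLE_CONN_LOG = "\n".join([
    "#separator \\x09",
    "#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto\tservice",
    "1433400000.1\tCaaa1\t172.16.4.20\t49152\t172.16.0.5\t22\ttcp\tssh",
    "1433400001.2\tCbbb2\t172.16.4.20\t49153\t93.184.216.34\t80\ttcp\thttp",
    "1433400002.3\tCccc3\t10.9.8.7\t40000\t172.16.0.9\t53\tudp\tdns",
])


def split_responders(conn_log_text, local_nets):
    """Return (local, non_local) sets of (resp_h, resp_p, proto) tuples.

    Simplified model (assumption): a service is a candidate for the
    known-services log only if its responder address is in local_nets.
    """
    nets = [ipaddress.ip_network(n) for n in local_nets]
    fields, local, non_local = None, set(), set()
    for line in conn_log_text.splitlines():
        if line.startswith("#fields"):
            fields = line.split("\t")[1:]  # column names follow the tag
            continue
        if not line or line.startswith("#"):
            continue  # other header lines and blanks
        if fields is None:
            raise ValueError("no #fields header before data rows")
        row = dict(zip(fields, line.split("\t")))
        addr = ipaddress.ip_address(row["id.resp_h"])
        key = (row["id.resp_h"], int(row["id.resp_p"]), row["proto"])
        # A v4 address tested against a v6 network (or vice versa) is False.
        (local if any(addr in n for n in nets) else non_local).add(key)
    return local, non_local


if __name__ == "__main__":
    for nets in ([], ["172.16.0.0/16"]):
        local, non_local = split_responders(SAMPLE_CONN_LOG, nets)
        print(f"local_nets={nets}: {len(local)} local, {len(non_local)} not local")
        for svc in sorted(local):
            print("  would be tracked:", svc)
```

With an empty local_nets list every responder lands in the non-local set, which matches the symptom in the original question.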