[Bro] problem with known-services.bro

Ali Hadi ali at ashemery.com
Fri Jun 5 00:25:32 PDT 2015


You could also get the file generated by adding the local and the
Site::local_nets  that Seth mentioned; like this:

bro -r file.pcap local "Site::local_nets +={172.16.0.0/16}"
knwon-services.bro

Where 172.16.0.0 is your local network.


Best regards,

*Ali *

On Fri, Jun 5, 2015 at 5:23 AM, Seth Hall <seth at icir.org> wrote:

> > On Jun 4, 2015, at 3:16 PM, Earl Eiland <earl.eiland at root9b.com> wrote:
> >
> > Hello.  I'm running known-services.bro on a pcap file.  I'm having two
> problems:  no known-services.log file is being generated, and some packets
> trigger "internal warning: Unexpected IP version in FragReassembler”.
>
>  By default the known-hosts script only records hosts in your
> Site::local_nets.  You can set that with networks.cfg if you are running
> broctl or you can set it directly in Bro scripts like this...
>
> redef Site::local_nets += { 1.2.3.0/24, 5.6.7.0/24 };
>
>   .Seth
>
> --
> Seth Hall
> International Computer Science Institute
> (Bro) because everyone has a network
> http://www.bro.org/
>
>
> _______________________________________________
> Bro mailing list
> bro at bro-ids.org
> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20150605/5eebe9a4/attachment-0001.html 


More information about the Bro mailing list