[Bro] SMB connections

Zied Turki zied.turki at outlook.com
Mon Nov 30 02:48:54 PST 2015


Hello Bro Community,

I am working on data exfiltration and I have just tested the Exfil Framework.
I have noticed that the script failed to detect file uploads from the file server using the SMB protocol. Looking at the connection logs (conn.log), the SMB connections are unfortunately not logged.
Would it be a known issue? Or should I tune some params?
Please note that the traffic arrives at the Bro machine (I have checked using tcpdump).

Many thanks,

BR,
Zied